The Culprit Behind the 'Industrialization of Hacking': Bitcoin... Rampant Crime as Tracking Becomes Impossible [Concealment 6]

As the price of Bitcoin soars to unprecedented heights, hackers are quietly reaping the benefits. Since the mid-2010s, cryptocurrencies have gained popularity as a means of paying "ransom" because, while they allow hackers to specify exactly where the money should be sent, they also make it impossible for anyone to trace their location. This has enabled hackers to carry out even more perfect hostage scenarios.

After the outbreak of the Russia-Ukraine war in 2022, internal strife within Russia's "Conti," the world's largest hacking organization, led to the public release of its accounting records. In a single year (2021), Conti earned a staggering $180 million (255.6 billion won) through ransomware attacks. At the time, Reuters reported, "Almost all ransomware attacks are carried out using Bitcoin. Such cryptocurrencies have significantly contributed to the spread of ransomware," analyzing the reasons why Conti was able to generate such enormous profits.

Before the advent of cryptocurrencies, hackers were constantly on the run. If they conducted transactions through banks, they were easily tracked, so instead of demanding money, they focused on showing off their skills by proving they could breach certain companies. However, as Bitcoin became widespread, hacking began to "industrialize." Cryptocurrencies enabled the laundering of "black money," lowering the barriers to entry for ransomware crimes. The growing scale of the dark web, where hackers trade stolen data, is evidence of this trend.

According to Google Threat Intelligence Group (GTIG), the number of newly created data leak sites on the dark web was 25 in 2022, 34 in 2023, and at least 47 to as many as 50 last year. A domestic security industry official commented, "Such indicators allow us to estimate that the number of hackers is increasing. Just as an increase in hyenas on the African savanna means that even prey previously ignored becomes a target, the industries and sizes of victimized companies have diversified."

There has been a correlation between the number of ransomware victim companies and the price of Bitcoin. According to AhnLab Forensic Intelligence ReSearch Team (A-FIRST), AhnLab's dedicated cyber incident response and threat intelligence unit, ransomware activity and the closing price of Bitcoin have followed similar trajectories over the past 10 years (2014-2024). Ransomware activity was measured by the number of reported incidents covered by cybersecurity media outlets.

Especially after 2020, both numbers surged. The number of reported victim companies jumped from 206 in 2020 to 427 in 2021?more than doubling. The price per Bitcoin likewise rose from $28,949 to $46,219, nearly doubling as well. An AhnLab official stated, "In 2023, Bitcoin prices fell and ransomware activity also slowed, but both have been surging again since the end of last year. This year, with Bitcoin prices rising significantly, there are concerns that ransomware damage will increase substantially."

There are additional reasons, beyond Bitcoin, to expect hacking to become even more rampant in the future. Some hackers have created "Ransomware as a Service (RaaS)," which assists with everything from ransomware development to distribution. A security industry official explained, "It's similar to how the malicious code 'BPFdoor,' used in the SK Telecom hacking incident, is available as open source, making it easy for multiple hacker groups to use. In the past, only professional hackers conducted attacks, but now, with RaaS being traded on the dark web, anyone can commit crimes if they choose." RaaS offers 24/7 support, not only for hacking techniques but also for money laundering and variant development. Typically, paying $300 (about 420,000 won) grants access to RaaS. If a ransom is successfully collected, the profits are usually split from "70% (hacker) to 30% (RaaS operator)" up to "90% to 10%."

The hacker group "Akira," which has applied the revenue model of "Ransomware as a Service (RaaS)," is a representative example. It has been reported that more than 240 companies have had their data exposed on Akira's site on the dark web.

A representative hacker group that has adopted the RaaS revenue model is "Akira," which emerged in early 2023. Hackers use the hacking technology provided by Akira to attack companies and then post the stolen data on Akira's dark web homepage. Upon visiting the site, one finds a message stating, "If you have accessed this, it means you have been the victim of a cyberattack," and, "Consider this incident as an 'unannounced forced network vulnerability inspection.' If you cooperate, you can minimize the damage." The message also warns, "If you make another choice, you will be publicly shamed here," threatening information leaks. According to SK Shieldus, as of the end of last year, more than 240 companies had their data exposed on this site. Considering cases that were made private after negotiations or companies whose data has not yet been released, the actual damage is estimated to be even greater.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.