The unfamiliarity and confusion surrounding cryptocurrency make it easier for cybercriminals to prey on their victims. Before explaining how a cybercriminal can exploit people for cryptocurrency, it helps to have a basic understanding of the technology.
Bitcoin is one form of cryptocurrency in the same way that the Euro is one form of government-issued currency. Cryptocurrency is any digital currency designed as a medium of exchange that operates independently from a central banking authority. Due to its decentralization, transactions are peer-to-peer, quick, and nearly anonymous. Transactions are validated by mining. Here is a breakdown of these terms.
- Digital– There are no physical coins, bills, or notes. Everything exists on computers.
- Independent– There is no central bank or server. Transaction validation is distributed across a network of computers.
- Peer-to-peer– Currency is exchanged directly between sender and receiver. There is no third party like there is with Venmo or Zelle.
- Quick– The average confirmation time of a Bitcoin transaction is “approximately 10 minutes” (Bhalla, 2022).
- Nearly Anonymous– Owners and users of cryptocurrency do not have to disclose any personal information. Anyone can own and use cryptocurrency.
- Mining– It is essentially the auditing process for transactions. The audit involves computers solving an extremely complicated math problem. As a reward for doing this calculation, the miner will receive some cryptocurrency.
Enter the Cybercriminal
Two popular ways for a cybercriminal to obtain cryptocurrency are extorting a victim for their data and mining cryptocurrency on a victim’s computer.
The first method is called ransomware. Ransomware is what criminals used during the attack on the Colonial Pipeline Company in May of 2021 (U.S. Department of Energy). In a nutshell, it is when malicious software prevents a user from accessing their computer files. Afterward, the attacker demands that their victim pay a ransom – usually in cryptocurrency – to unlock their files.
The second method is called Cryptojacking. It happens when a cybercriminal infects the victim’s computer with malicious software that mines on the attacker’s behalf. The victim’s computer’s processing power is hijacked, and the attacker reaps the reward.
How can you avoid these attacks?
- Keep your operating system, software, and applications up to date.
- Set your anti-virus software to auto-update and scan regularly.
- Avoid downloading software from suspicious sites. When possible, stick to using trusted app stores like Google Play, the Apple App Store, and the Microsoft Store.
- Do not click suspicious links sent to you via email or text message.
Additional Reading:
- What is Cryptocurrency: Your Complete Crypto ABC
- Employee Follows Policy to Report Colonial Pipeline Attack | Office of Information Security | Washington University in St. Louis (wustl.edu)
If you are a victim of ransomware:
- Contact your local FBI field office to request assistance or submit a tip online.
- File a report with the FBI’s Internet Crime Complaint Center (IC3).
References
- Bhalla, A. (2022, March 24). Top cryptocurrencies with their high transaction speeds. Blockchain Council. Retrieved April 16, 2022
- Bitcoin Price Today, BTC to USD live, market cap, and Chart/. CoinMarketCap. (n.d.). Retrieved April 16, 2022
- U.S. Department of Energy. (n.d.). /Colonial Pipeline Cyber Incident/. Energy.gov. Retrieved April 16, 2022