How do you transfer a monetary ransom to an organization operating within a country that is blocked from accessing western financial infrastructure?
You can't use USD bank transfers (you open yourself up to SEC and DoJ prosecution), you can't use gold (the logistics are near impossible), and you can't transfer assets (same story as above).
Crypto is unique in that it's both a virtual store of assets, and has infrastructure that can exist independent of western financial infrastructure.
Right now most Russians want to get money out of Russia, not in. Assuming they need it in Russia, they can get paid the ransom to an account in Cyprus, and just swap deposits with a wealthy Russian trying to get rubles out. Sadly, the obstacles in the financial system only work for law-abiding citizens; criminals always find creative ways to circumvent them.
"In 2012, U.S. federal regulators hit HSBC Holdings with a $1.9 billion fine, along with $665 million in civil penalties, for significant lapses in its compliance and anti-money laundering (AML) systems. HSBC laundered over $881 million for Mexico's Sinaloa and Colombia's Norte del Valle drug cartels."
1. It is generally viewed as safer to keep large amounts of money outside of Russia. This is both because the Russian economy is bad, and because organized crime is a huge problem inside of Russia.
2. Russia and Russians have large shortages of things that can easily be bought outside of Russia. Once bought, they are fairly easy to smuggle back into Russia. But first you need to have money outside of Russia.
3. Russians like vacations. Getting yourself out of the country is easier than getting your money out of the country.
Airdropped cash in bags? Or a hawala network with Russian businessmen who want to get USD? I would say crypto certainly simplifies the operation considerably, but it is not strictly necessary.
It's tougher to get US business executives to sign off on paying with cash in bags due to the higher risk of criminal prosecution. That might have worked back when the casinos were mafia run but now most of them are publicly traded corporations subject to strict oversight.
There is generally no criminal prosecution for paying ransoms. There might be if the ransomware group is sanctioned but that would be true regardless of payment method. If a public company paid a ransom via cash or by buying a bunch of bitcoin through an exchange they would still have to make the same 8-K filings and accounting changes etc.
There's something called "business email compromise" with annual losses about 10x that of ransomware. It relies on tricking companies into paying invoices to an attacker-controlled bank account instead of their actual vendors' bank account. Google lost over a hundred million dollars to some Latvian guy who was able to pull this off by pretending to be Quanta Computer. There's also just bank fraud in the Zeus style where they transfer $200000 out of your account to some company in China or Bulgaria.
These scams are all still incredibly profitable despite relying entirely on the regular financial system. There is no reason to think ransomware would stop in the absence of cryptocurrency given that extensive infrastructure has existed and currently exists to "cashout" proceeds of fraud. And in the ransomware case it's even easier because the victim is willingly making the payment, and the attacker can just not give the decryption key if the victim tries to stop the payment in any way.
And yes, this scales. If you ever looked at the promoted stories on Snapchat a few years ago, you may have seen a user with the name "The Billionaire Gucci Master" living a very opulent lifestyle. That was all paid for with business email compromise money.
Yes, I am aware. I just think people here overestimate the reversibility and traceability of the traditional system. If you're a business and you're defrauded/hacked and don't realize within a week (usually even less time), five will get you ten that money's never coming back. It went to a mule who withdrew it as cash or wired it overseas. And there's no Reg E for businesses so your bank isn't going to help either.
And what does a likely ransomware payment look like?
In a lot of cases, it is an unexpected purchase of crypto.
Remember, large payments generally start and end in the financial system. The interesting bit is what is in the middle to make it hard for law enforcement to track down and stop crime.
x = ["languages", "alphabets", "keyboards", "electricity", "computers", "linux/windows", "internet", "crypto"]
I have the suspicion that we'll be blaming AI soon.
Besides, while crypto is definitely useful, the financial system seems to work fine too.
"U.S. banks and financial institutions processed roughly $1.2 billion in likely ransomware payments in 2021"
https://www.cnbc.com/2022/11/01/us-banks-process-roughly-1po...