Businesses’ dependency on technology has led to an unprecedented growth in cybercrime, with crypto-ransomware as the star crime modality among cybercriminals being one of the greatest threats faced by organisations. Due to its serious operational consequences: the interruption of the business areas affected by the cyber-attack. Crypto-ransomware involves a malicious software or malware that encrypts certain files containing valuable company data and then demands a ransom payment in exchange for the decryption key, usually in virtual currencies as they are more difficult to trace. This is a more sophisticated evolution of earlier ransomware variants, such as scareware (malware that invited the user to visit infected websites), or lockers (which blocked the user's interface, preventing access to corporate devices).
On a positive note, this increase in cyber-attacks with the Covid 19 health crisis as a tailwind has come together with the consolidation of blockchain networks as the best positioned technology to take companies to the next level of security, regardless of their sector and size, adding a new layer of protection against this type of threat. Today most companies use centralised information storage systems, which means that cybercriminals just need to focus their efforts on attacking a single vulnerable point in order to access the sensitive data stored in them: servers. However, the differential value of blockchain technology lies in the fact that it is a platform that operates in a distributed manner, so that the transactions carried out by each company are replicated in a multitude of computers -called nodes- of countless users around the world, but inaccessible to all those outside the entity because they are encrypted.
This seemingly simple idea prevents ransomware attacks from disrupting the operations of the company or any of its departments. If the cybercriminal manages to hijack the information stored in one node, the data will still be accessible to the company through the rest of the nodes in the blockchain network, since an integral and encrypted copy of the hijacked information is stored in all of them, thus providing an additional level of accessibility to the data.
On the other hand, in addition to being a resilient technology against these attacks, the blockchain allows police and judicial authorities to track the specific person who has carried out a given transaction in economic traffic. Insofar as the information that is incorporated into the blockchain is digitally signed, cryptographically associated with a user and with a specific time stamp, making it impossible for a third party to duplicate, modify or, in short, hack the signature of a transaction once it has been validated.
The blockchain allows the authorities to verify the person who has carried out a transaction in the economic traffic. This makes the blockchain, with the due collaboration of the exchanges, an optimal platform to facilitate the prosecution of certain crimes.
False accounting, as the keeping of a company's accounting records is duly reflected on the network
Corruption crimes in tendering processes, insofar as there is evidence of compliance with the objective criteria established for the correct award of a public tender
Crimes of subsidy fraud, misappropriation, disloyal administration or embezzlement of public funds, insofar as the application of the money to a specific destination or purpose, whether public or private, is duly traced.
Crimes against the Public Treasury insofar as the correlation of the figures of a company's activity with those reflected in its tax returns is evidenced.
As well as crimes of money laundering insofar as the identification of the 'know your client' and the lawful origin of the money is also established.
A less strong point is that, although blockchain technology is secure by definition, this does not prevent its effectiveness from being reduced. In crimes whereby the victim's error has been the trigger for the hacker to obtain his loot, as happens in phishing techniques, pharming, or CEO fraud, after the appropriation of their personal and/or banking data.
Similarly, this technology implies a single external risk that is beyond control: an eventual global internet blackout would lead to the interruption of the operation of blockchain networks, like any other interconnected technology. Overall, the blockchain network offers innovative solutions to traditional business concerns, providing a higher level of confidentiality and availability of the strategic information of organisations. This means a giant step toward effectively mitigating the most damaging cyber-attacks for their operations (with prevention being the most effective defence) and facilitating the prosecution of other crimes, mainly economic, due to its recognised capacity to verify the traceability of economic transactions.
This blog was written by Javier Cuairán García, White Collar Crime Lawyer, ONTIER Spain.
For all questions regarding the topics raised in this blog, please contact Javier or a member of our team of digital asset legal experts.