Cybersecurity company Kaspersky reported that ransomware negotiations and payments may soon come to rely less on Bitcoin as a means of payment.

The Russian-founded firm attributed this transition to improvements in the technology that detects the flow and sources of Bitcoin, as well as increased sanctions and market regulation. 

The firm added that cybercriminals will instead look towards other digital currencies to facilitate their illicit payments. 

With the price of crypto dropping, threat actors will stand to gain less, and will therefore look to other more profitable forms of payment," Kaspersky Global Research and Analysis researcher Marc Rivero told Decrypt. "Another reason is that sanctions on ransomware payments are continuing to be issued. As markets become much more regulated and the technologies used to track the flow and sources of Bitcoin improves, threat actors will naturally move away from this form of payment as it opens them up to exposure and increases the chances of being apprehended.”


As it stands, cryptocurrency represents a huge part of the world of cybercrime, according to research by Chainalysis. Cryptocurrency addresses linked to ransomware payments attracted $602 million worth of transfers in 2021, which the sleuthing firm claimed is likely to be an underestimate. 

Digital currencies explicitly built with privacy in mind, such as Monero or Zcash, are already gaining much popularity with cybercriminals too. 

Jason Rebholz, a CISO from cyber insurance company Corvus, told TechTarget that some of the world’s most important hacking groups, such as Darkside, not only accept Monero but offer a small discount for payments made via the privacy-preserving cryptocurrency. 

Darkside was implicated in last year's Colonial Pipeline ransomware attack, which left much of the U.S. with disrupted access to gas. 


Private cryptocurrencies take center stage

Unlike Bitcoin, currencies such as Monero have fundamental differences in their underlying technology intended to improve privacy.

As per a whitepaper from the Monero core development team, Monero looks to remedy privacy issues impacting other tokens “by storing only single-use addresses for receipt of funds in the blockchain.” Conversely, receiving addresses on Bitcoin are visible on the public blockchain and remain the same across multiple transactions, which could help anyone looking to trace transactions and payment patterns. 

Monero also used a technology called “Ring Signatures,” a method where the originator of a transaction can combine their signature with other parties, making the transaction's true origin harder to trace. 

In 2020, an analyst at Interpol Jerek Jakubcek also outlined how he “hit the end of the road” when investigating a suspect that used both the privacy browser Tor and Monero. 

“Whatever happened on the Bitcoin blockchain was visible, and that’s why we were able to get reasonably far,” he said. “But with the Monero blockchain, that was the point where the investigation has ended. This is a classical example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero.“

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.