Ransomware Attacks and Cyber Scams Surge in 2020

Ransomware attacks surged 300% in calendar year 2020, according to Chainalysis. And in 2020, $406.3 million was paid out in cryptocurrency ransoms, 337% more than the previous year. This calendar year’s ransom payments are on pace to pass seven figures.

The attacks have crippled supply chains and critical infrastructure by holding digital information hostage.

  • Colonial Pipeline, one of the largest fuel pipelines in the US, was forced offline for six days in May.
  • An Iowa grain co-op was hit by a cyberattack, and hackers demanded $5.9 million to unlock the organization’s data.

Ransomware is something that government agencies are extremely focused on these days. They’re viewing it on par with terrorist financing attacks. The victims of ransomware attacks are mostly big businesses, where more sophisticated attack appear to be sanctioned by foreign governments such as Russia, China, North Korea or Iran.

However, big business are not the only victims of cybercriminals. Nearly 7,000 individual investors lost a collective $80 million to cryptocurrency scams from October 2020 to March 2021, according to the Federal Trade Commission.

Currently, the biggest type of cybercriminal activity in terms of volume is scamming: your investment scam, your Ponzi scheme, or just a phishing attack. Retail investors are oftentimes more vulnerable to being taken advantage of by scammers. But these scams impact the government as well, because the SEC is chartered to make sure they’re protecting consumers.

The bottomline is that “illicit activity on the blockchain is heating up, from minor scams to elaborate ransomware attacks”, explained Kimberly Grauer, director of research at Chainalysis.

The majority of cryptocurrency activity is legal according to the U.S. Treasury Department. But, cryptocurrency can be exploited by cybercriminals and leveraged for ransomware attacks. Crypto’s decentralized nature can make it more difficult to track down hackers.

The SEC’s Office of Investor Education and Advocacy issues periodic Investor Alerts to help investors identify signs that what is offered as an investment may actually be a scam or fraud. They urge investors to be on high alert in order to protect themselves and others from becoming victims of investment cyber fraud.

The key to avoiding investment fraud and scams is to be an educated investor. Below are five tips from the SEC website investor.gov to help you avoid investment fraud:

  1. Be Wary of Unsolicited Offers to Invest – Cybercriminals look for victims on social media sites, chat rooms, and bulletin boards. If you see a new post on your wall, a tweet mentioning you, a direct message, an e-mail, or any other unsolicited – meaning you didn’t ask for it and don’t know the sender – communication regarding a so-called investment opportunity, you should exercise extreme caution.
  2. Look out for Common “Red Flags” – Wherever you come across a recommendation for an investment – be it on the Internet or from a personal friend (or both), “red flags” such as (a) It sounds too good to be true since any investment that sounds too good to be true probably is; (b) The promise of “guaranteed” returns since every investment entails some level of risk, which is reflected in the rate of return you can expect to receive; and (c) Pressure to buy RIGHT NOW because should not be pressured or rushed into buying an investment before you have a chance to research the “opportunity.”
  3. Look out for “Affinity Fraud” – Never make an investment based solely on the recommendation of a member of an organization or group to which you belong, especially if the pitch is made online. An investment pitch made through an online group of which you are a member, or on a chat room or bulletin board catered to an interest you have, may be an affinity fraud. Affinity fraud refers to investment scams that prey upon members of identifiable groups, such as religious or ethnic communities, the elderly, or professional groups. Even if you do know the person making the investment offer, be sure to check out everything – no matter how trustworthy the person seems who brings the investment opportunity to your attention (think Bernie Madoff). Be aware that the person telling you about the investment may have been fooled into believing that the investment is legitimate when it is not.
  4. Be Thoughtful About Privacy and Security Settings – Investors who use social media websites as a tool for investing should be mindful of the various features on these websites in order to protect their privacy and help avoid fraud. Understand that unless you guard personal information, it may become available for anyone with access to the Internet – including cybercriminals.
  5. Ask Questions and Check Out Everything – Be skeptical and research every aspect of an offer before making a decision. Investigate the investment thoroughly and check the truth of every statement you are told about the investment. Never rely on a testimonial or take a promoter’s word at face value. You can check out many investments using the SEC’s EDGAR filing system or your state’s securities regulator.

Investors on the Internet and social media should always be on the lookout for cyber scams and fraud. If you have a question or concern about an investment, or you think you have encountered fraud, you should contact the SEC or FINRA,


References:

  1. https://www.morningbrew.com/daily/stories/2021/08/23/blockchain-expert-fights-crypto-crime
  2. https://www.sec.gov/oiea/investor-alerts-bulletins/ia_5redflags.html
  3. https://www.investor.gov/introduction-investing/general-resources/news-alerts/alerts-bulletins/investor-alerts/updated-11
  4. https://www.sec.gov/oiea/investor-alerts-and-bulletins/investment-scam-complaints-rise-investor-alert