It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity has resulted in prolific groups promising to disband, even if potentially only temporarily.

Running a tight(er) ship

The mining banhammer continues to swing as China keeps putting pressure on miners to do it elsewhere. The US is tipped to become a hotspot for mining activity off the back of some of these actions, despite promises of a crackdown because of the enabling role cryptocurrency plays in ransomware attacks. India is still wondering about the ramifications of a cryptocurrency ban.

On top of all that, cryptocurrency mining away from infected desktops is suffering multiple problems. Computer part shortages are tipped to last anything up to two years. Graphics card shortages are so bad, miners are resorting to smuggling them, alongside other components.

Holding all the cards

Graphics cards are crucial for the task of mining. They’re the main source of mining muscle when it comes to making computations. In fact, large scale mining operations made up of little more than big warehouses and racks of machines crunching numbers are common. This means, of course, there are also plenty of illicit mining operations to contend with. Electricity theft, environmental impact, and the potentially dubious sourcing of equipment are all things to be considered.

Sure enough, the crackdowns keep coming.

Shutting it all down

It’s reported that Ukraine police “seized around 9,000 game consoles and computers in an illegal crypto mine”. Roughly $259,000 in electricity was stolen every month until the racket was shut down. This story has everything: Electricity meters not reflecting correct consumption, criminal proceedings in relation to electricity, thermal, and water theft, “more than 500 graphics cards” in addition to the computers and consoles…put simply, the works. The future is now, and it apparently involves drones tracking crypto thieves.

This is an astonishingly turbulent set of behind the scenes circumstances, chugging away in the background while dishonest miners try to make a living. That’s before we get to the volatile nature of Bitcoin’s value, seemingly nudged by memes and random tweets.

Throw in Vladimir Putin agreeing with Joe Biden to do something about ransomware emanating from Russia, and things feel a bit like they’re rushing towards a tipping point for criminals. No matter where miners pop up, the method of distribution is being observed, analysed, and shut down.

Ransomware’s weak link?

Back in the days when adware was at its peak, at some key point bundles became too problematic, too many people were yelling about it, too many cases went legal. In short, it was safer to abandon ship and move into other areas. Fake anti-spyware “You’re infected!” messages were everywhere at one point. In time, that style of trickery slowly became replaced by ransomware as the go-to method for fakeouts and extortion.

Arguably, ransomware couldn’t exist in its current form without pseudonymous cryptocurrencies like Bitcoin and Monero. But the transparency that gives these blockchain-based currencies their strength is arguably their biggest weakness too. Transactions are public, traceable, and available for forensic analysis forever—they’re just hard to link to individuals.

In June, the Wall Street Journal reported that the White House was “pushing to better trace ransomware payments.” At around the same time, the US Department of Justice successfully retrieved most of the ransom payment made in the Colonial Pipeline attack after tracing the passage of the payment through the Bitcoin blockchain. A week later the Cl0p ransomware gang’s money laundering operation was raided by Ukrainian police thanks to similar cryptocurrency tracing.

Ransomware payments have clearly been identified as a weak link, and while transactions on blockchains are frozen in time, the software and hardware used to analyse them improves with the passage of Moore’s law.

Ransomware gangs and scammers have had a fine old time of it up until now but it’s becoming increasingly hard to ignore the real-world battleground cryptocurrencies finds themselves in. Some of these changes and ramifications will almost certainly impact on their online activities. The question is, will they weather the storm, or is the rug slowly being pulled out from under the feet of criminal cryptocurrency activity as the risk becomes too great?