Bitcoin is Driving the Ransomware Boom & Private Equity is Investing in Cybersecurity

In early May, a cyberattack at Colonial Pipeline prompted chaotic gas shortages up and down the East Coast. In early June, a similar hack wreaked havoc on the operations of JBS, one of the world’s largest meat processors. Both were examples of the rapidly growing trend of ransomware—virtual attacks where criminals hold a company’s systems hostage until a payoff is made, often in the untraceable form of bitcoin.

For corporations in every sector, these high-profile incidents have highlighted the ever-increasing need to make sure that digital infrastructure is properly protected from black-hat hackers.

Ransomware, a program that hackers use to hold digital information hostage, has become a top choice of malware for criminals in recent years. In 2020, the total amount of ransom paid by victims reached nearly $350 million worth of cryptocurrency, a 311% increase compared with the previous year, according to Chainalysis.

Ransomware has grown into a multibillion-dollar industry. A majority of the ransom is paid to a relatively small number of highly organized groups of criminal organizations with names such as Evil Corp. or DarkSide. According to Chainalysis, 199 deposit addresses received 80% of all ransoms paid in 2020, while an even smaller group, 25 addresses, accounted for nearly half.

There remains a lot more work to be done, especially when it comes to critical infrastructure. Roughly 85% of America’s critical infrastructure is privately owned, and the private sector is not required to follow the strict cybersecurity guidelines set by the government.

“We’ve got electric grids in this country, we have water systems, we have pipelines. We have a lot of critical infrastructure that is really open to some of these ransomware attacks and cyberattacks,” said Katko. “And we need to do a much better job than that.”

When it comes to the future of ransomware attacks, many experts agree: It is far from over.

According to former CEO of Symantec, Greg Clark, the connection of many ransomware hackers to foreign governments and the untraceable nature of bitcoin are two contributing factors to the danger of this particular form of attack.

“I think we’ve got a ways to go on this problem before we can solve it,” the industry veteran said. “A lot of it is international-legislation related. You can’t launder that money, even though we have an anonymous cryptocurrency now, without drawing serious attention from banking institutions and bigger players in some countries. So, it is bolstered by an anonymous currency, but even without that, it would still be happening. And it really is driven by the fact that we don’t have control over legislation in some of these places where it creates a safe harbor for some of these criminals.”

Bitcoin, as a global decentralized digital currency, has made it much easier for criminals to collect ransom payments and harder for authorities to trace, let alone recover — although, as recent government efforts have shown, recovering digital ransom payments is not impossible. Ransoms were paid, the attackers got away with them, which cycle is then repeated over time and with more money. Cybercriminals have evolved into sophisticated criminal enterprises, offering ransomware-as-a-service to partners and creating what some experts liken to franchises. All of which makes ransomware more accessible to attackers who might otherwise not have had the know-how or payment mechanisms.

Experts have indicated that the hackers behind both the Colonial Pipeline and JBS attacks have ties to Russia. Ransomware is also part of the toolbox for North Korea’s hacking army.

The seismic shift to work-from-home that began last year spurred broad new demand for security services. As the number of remote users, mobile devices and access points to data in the cloud increases, companies need more robust protection, said Brendan Burke, an emerging tech analyst at PitchBook.

The private equity industry is pursuing investments in cybersecurity like never before. Globally, last year brought 116 buyouts in the space and 49 private equity growth investments, both of which were new annual highs, according to PitchBook data. The combined value of those deals reached $19.2 billion, which was 92% higher than any other year on record with the exception of 2016, which was caused in part by Silver Lake’s involvement in Dell’s $67 billion acquisition of EMC.

The surge is continuing in 2021, with PE investors on pace to set new records for both deal count and deal value in cybersecurity. In April, Thoma Bravo announced what will be the largest buyout ever in the space, again per PitchBook data, striking a deal to buy Proofpoint for $12.3 billion.

A simple explanation for the trend is that private equity firms are following the money. As the risk of ransomware attacks and other threats becomes difficult to ignore, companies are increasing expenditures on cyber safety—which is great for the business of those other companies trying to ensure that safety.

According to a recent article in Forbes, plenty of private equity firms are pursuing cybersecurity investments these days, with Thoma Bravo, KKR, TPG Capital, and Insight Partners among the other firms that have struck headline-grabbing deals in recent years. But there are few PE shops out there focused solely on the industry.

Venture capital is flowing into cybersecurity companies at a torrential pace. Less than six months into the year, cybersecurity startups have raised $9.9 billion globally, 96% of the total raised in 2020, according to PitchBook data. Meanwhile, the average valuation of the companies raising funds has more than doubled to $475 million.

CipherTrace, a security firm that tracks crypto crimes, has closed a $27.1 million Series B round of funding led by Dan Loeb’s Third Point Ventures, according to CoinDesk.

“It’s a good time to be in our space,” CipherTrace CEO Dave Jevans told CoinDesk in an interview. He said in the wake of the recent ransomware attacks, the firm has experienced an uptick in business from recovery firms, government agencies, law firms and insurance companies. Banks too. “We’re seeing a lot of growth in basically everything we’re doing now.”

Investment in cybersecurity technologies is critical – especially as we undergo dramatic investment in infrastructure – the very bridges, electrical grids, water plants need to be safeguarded, as these are amongst the most at risk.