We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Yesterday, blockchain and transaction analysis provider, Chainalysis, launched its Crypto Incident Response tool, a new service designed to support enterprises that have been breached by threat actors who have demanded a cryptocurrency ransom.
In the event of a breach or ransomware attack where cryptocurrency funds are demanded or stolen, the victim organization can contact Chainanalysis’ team of advisors and data scientists via a 24/7 hotline, who will then trace the funds and label them for recovery.
This relatively new approach of combining cryptocurrency protection with incident response provides enterprises with a tool they can utilize in attempts to recoup lost or stolen funds.
Why are crypto incident response services emerging now?
The release of the crypto incident response solution comes as the number of ransoms paid by enterprises continues to increase.
Research shows that in 2021 alone, payments tied to ransomware attacks totaled $590 million, compared to $416 million in 2020.
One of the main reasons for the high level of payouts is the evolution of the ransomware-as-a-service (RaaS) industry, and how skilled attackers are becoming at identifying, encrypting and exfiltrating critical data assets to gain maximum leverage over their victims.
Victims of these cyberattacks not only have to worry about the tremendous cost of a ransomware attack, which can cause upfront disruption — they also have to worry about advanced techniques and what may happen next when or if attackers threaten to leak the data they have accessed publicly.
The increasing landscape of threats has contributed to the average cost of a ransomware breach totaling about $4.62 million in 2021.
How crypto incident response services can help protect enterprises
While there are many anti-ransomware solutions, crypto incident response services are unique as they can provide support to enterprises that have been “checkmated” into paying a ransom demand by a threat actor.
“After an incident such as a hack, ransomware attack, code exploit, or flash loan attack occurs and cryptocurrency funds are either demanded or stolen, the victim can contact the 24/7 Chainalysis Crypto Incident Response hotline,” said Erin Plante, senior director of investigations and special programs at Chainalysis. “Chainalysis will then assign a dedicated team of experts leveraging advanced investigative capabilities to work around the clock and side-by-side with the victim organization. If needed, the Chainalysis team can help liaise with law enforcement and asset recovery counsel.”
By offering this service, Chainalysis aims to provide a way for organizations to respond immediately. This allows enterprise teams — if they’re ever put in the position of being forced to pay a ransom — to begin tracing the funds immediately, with support for and the potential to recoup some of the funds.
Calling upon an incident response team to trace the stolen funds provides organizations with another tool they can use to either reduce the leverage of an attack in the early stages of a ransomware attack or to run damage control and attempt to trace their funds after a ransom has been paid.
The crypto incident response market
The launch of this service comes as the wider incident response market continues to grow, with researchers valuing the market at $3.48 billion in 2020. It is anticipated to reach $10.13 billion by 2026 as more organizations look for external support to detect and respond to security incidents.
It’s important to note that Chainalysis isn’t the first provider to offer an incident response service tailored to crypto theft, but the market as a whole remains in its infancy.
One of the organization’s most comparable competitors is blockchain investigation agency, CipherBlade offers incident response and investigation services that can monitor crypto movements in real-time to help seize and recover stolen funds of over $100,000.
CipherBlade’s crypto incident response service reportedly helped Ian Balina, an influential blockchain and cryptocurrency investor, to recover his funds after attackers stole $2 million in crypto. The organization also works with crypto exchanges and wallet providers including Bittrex, Bitbuy, Coinomi, EtherDelta, Changelly, ShapeShift, Shakepay and My Crypto.
While there are other similar less-defined incident response services that dabble in crypto recovery services, Chainalysis and CipherBlade stand as two of the most comprehensive in terms of asset recovery.
Although, Plante argues that Chainalysis’s data pedigree is what sets it out from competitors, leveraging more than seven years of historical blockchain data to maximize the chance of being able to trace stolen funds.