While ransomware attackers have increasingly demanded privacy-focused cryptocurrencies like Monero, the difficulty in obtaining it has kept Bitcoin as the primary form of payment. Monero, once favored for its enhanced privacy and untraceable nature, has become much more expensive and challenging to acquire over the past year. These barriers have made it impractical for many victims to meet Monero demands, and as a result, attackers are often willing to drop their insistence on Monero once they understand the logistical hurdles. In most cases, explaining the difficulty or unavailability of Monero is enough to push threat actors back to accepting Bitcoin, which remains more accessible and widely traded.

This dynamic has led to a significant reduction in ransomware payments made in anything other than Bitcoin. While attackers may initially demand Monero for its anonymity, they generally prefer swift payment and are willing to compromise when faced with practical challenges. However, threat actors still find ways to anonymize traceable Bitcoin by using tools like mixers. These services “launder” Bitcoin by mixing it with other transactions, making it nearly impossible to trace the destination. This process comes with a transaction fee however, which is another reason attackers often push for anonymous cryptocurrencies like Monero.