“You can’t stop things like Bitcoin. It will be everywhere and the world will have to readjust. World governments will have to readjust”
– John McAfee, Founder of McAfee
The symbiotic relationship between Bitcoin and ransomware has sparked heated debates, questioning whether cryptocurrency fuels the rise of ransomware attacks. Or, whether, if the demand for untraceable payments birthed the prominence of digital currencies in illicit activities. This article, in the form of a “conversation,” delves into the complex interplay between ransomware attacks, money laundering, and the use of cryptocurrencies.
Did Bitcoin Enable Multi-Million Cybercrime Operations?
Ransomware is still the most prevalent, most devastating and most feared cyber threat. And this claim is not exaggerated, not one bit. Not only has ransomware put millions of users worldwide in despair, but it also has had a disastrous effect on major industries. Unfortunately, healthcare organizations have been a primary target of ransomware, to some extent putting patients’ lives at risk. One’s personal data, especially health records, is not a joke, and ransomware operators know that all too well to demand huge ransoms. The hospital is left with no choice but to pay the ransom, no matter its size, and go back to normal as soon as possible.
The worst part is that security engineers have been warning the community about the dangers ransomware poses but both users and organizations have failed to protect their data or minimize the risks of such attacks. One of the most scandalous crypto virus attacks happened this year at the Hollywood Presbyterian Medical Center. Because their IT systems were locked down, the hospital was forced to declare an internal emergency. This was not an isolated case, as many attacks on hospitals followed.
No matter whether the victim is a regular user, a business or an organization, ransomware cases all have something in common. Bitcoin. Even though ransomware is somewhat 20 years older than this cryptocurrency, current events drive us to think that there’s a connection between the growth of ransomware and the growth of Bitcoin.
Is There a Connection Between Ransomware and Bitcoin?
Yes, there is a connection between ransomware and Bitcoin. Ransomware attackers often demand payments in Bitcoin due to its pseudonymous nature, facilitating anonymous transactions. This connection has fueled debates about whether the prevalence of Bitcoin has influenced the rise of ransomware attacks or if the demand for untraceable payments has driven the adoption of cryptocurrencies in illicit activities.
As explained by Investopedia, Bitcoin is a digital currency created in 2009. It follows the ideas set out in a white paper by the mysterious Satoshi Nakamoto, whose true identity has yet to be verified. It also offers the opportunity of lower transaction fees than traditional online payment schemes and is operated by a decentralized authority, unlike government issued currencies. In addition, there are no physical Bitcoins, only balances associated with public and private keys. These balances are kept on a public ledger, along with all crypto transactions, verified by a massive amount of computing power.
Bitcoin also offers a secure and mostly untraceable method of working with payments. Not surprisingly, it has turned into cyber criminals’ most favorite currency, because it helps cover their activities.
Besides the obvious one (ransom demands in Bitcoin), perhaps there’s another way the two are connected. Parallel to the growth of ransomware, Bitcoin has also grown significantly, especially throughout 2016. Seeking a deeper connection between ransomware and digital currencies is a logical step, especially for the infosec community.
Security researchers definitely see a liaison between the anonymized payment mechanisms Bitcoin provides, and the growth of ransomware.
“It’s helping. I think that’s definitely true. The existence of effectively anonymised payment mechanisms definitely plays into the hands of cybercriminals,” David Emm, principal security researcher at Kaspersky Lab, for ZDNet
However, it’s still important to note that online extortion happened long before the birth of Bitcoin. But it wasn’t nearly as successful as ‘modern’ ransomware, and it’s easy to see why. The past has seen plenty of scams based on computer viruses but all of these stories had an unfortunate end for cyber crooks. For example, crooks that used traditional postal services to receive payments were easily traced and caught.
Later, cyber crooks moved to online payment systems and began using Western Union and PayPal. The fact that these systems are connected to a bank account turned out to be a big problem. Crooks could get easily arrested.
So, here we get to Bitcoin, the system that provides complete anonymity and is perfect for cybercrime.
What we just said is somewhat true, but not entirely. Yes, Bitcoin is anonymous but this is not the reason why cyber criminals are using it at such an extent. Truth be told, prepaid cards may be a better fit than Bicoin – they are anonymous and can be mailed physically and then used or resold internationally.
Furthermore, the fact that Bitcoin transactions don’t leave a trail is not true. Bitcoin does leave a trail of “pseudonymous breadcrumbs on the blockchain”:
Blockchain transactions can reveal the structure of organized ransomware crime rings, and individual hackers can be and have been caught and prosecuted.
So, why is Bitcoin preferred by cybercriminals? It’s more likely a favorite because it’s “fast, reliable, and verifiable”.
How Do Ransomware Operators Remain Anonymous?
Ransomware operators employ various techniques to remain anonymous and evade law enforcement. One key method is the use of cryptocurrencies, especially Bitcoin, for ransom payments. Cryptocurrencies provide a level of anonymity as transactions are recorded on a blockchain, but the identities of the parties involved are often pseudonymous.
Operators use techniques like Tor or other anonymizing networks to conceal their online activities and mask their locations. This makes it challenging for authorities to trace the origin of the attacks.
Furthermore, ransomware campaigns often involve the use of disposable or compromised accounts, making it difficult to link the malicious activities to specific individuals. The use of ransomware-as-a-service (RaaS) models adds another layer of complexity, as different actors may be responsible for developing and deploying the malware.
For example, let’s take a look at the well-known Cerber ransomware. Cerber operators not only demand Bitcoin payments but also run the currency through multiple Bitcoin wallets. This is what a Bitcoin money laundering scheme would look like, a form of money laundering to ensure the safety of cyber criminals.
We saw tens of thousands of victims’ Bitcoin wallets transferred into one huge wallet. From there it’s transferred to tens of thousands of other wallets. It’s called a mixing service and it’s pretty standard for Bitcoin, – Maya Horowitz, group manager of intelligence operations at Check Point, for ZDNet
A cybercriminal who doesn’t want anyone to be able to trace his money back to him, would have to take it through a mixing service. Eventually, the money will get back to him, but not before it was mixed with other money, thus becoming untraceable.
Overall, the combination of cryptocurrency use, anonymizing networks, and the deliberate obfuscation of identities makes it challenging for law enforcement to track and apprehend ransomware operators.
Conclusive Thoughts
To sum up: Bitcoin helps cyber criminals sustain anonymity and allows them to cash their ransom funds.
Bitcoin brings along other “goodies” on the table, like flexibility, and the option to easily move on to new campaigns, which further illustrates the abundance of currently active ransomware operations and the popularity of Ransomware-as-a-Service.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me:
Criminals in general prefer privately issued currencies (fiat) because they can issue themselves arbitrary amounts at any time with no public oversight. A few are using public currencies like bitcoin for petty extortion, as you describe.
Ransomware (removal, prevention, file restoration) is a topic STF is focused on, and Bitcoin is the primary payment method preferred by cybercriminals.