“You can’t stop things like Bitcoin. It will be everywhere and the world will have to readjust. World governments will have to readjust”
– John McAfee, Founder of McAfee
A: Most likely.
At this very moment, ransomware is the most prevalent, most devastating and most feared (malicious) cyber threat. And this claim is not exaggerated, not one bit. Not only has ransomware put millions of users worldwide in despair, but it also has had a disastrous effect on major industries. Unfortunately, healthcare organizations have been a primary target of ransomware, to some extent putting patients’ lives at risk. One’s personal data, especially health records, is not a joke, and ransomware operators know that all too well to demand huge ransoms. The hospital is left with no choice but to pay the ransom, no matter its size, and go back to normal as soon as possible.
The worst part is that security engineers have been warning the community about the dangers ransomware poses but both users and organizations have failed to protect their data or minimize the risks of such attacks. One of the most scandalous crypto virus attacks happened this year at the Hollywood Presbyterian Medical Center. Because their IT systems were locked down, the hospital was forced to declare an internal emergency. This was not an isolated case, as many attacks on hospitals followed.
No matter whether the victim is a regular user, a business or an organization, ransomware cases all have something in common. Bitcoin. Even though ransomware is somewhat 20 years older than this cryptocurrency, current events drive us to think that there’s a connection between the growth of ransomware and the growth of Bitcoin.
How much do we know about Bitcoin?
As explained by Investopedia, Bitcoin is a digital currency created in 2009. It follows the ideas set out in a white paper by the mysterious Satoshi Nakamoto, whose true identity has yet to be verified. It also offers the opportunity of lower transaction fees than traditional online payment schemes and is operated by a decentralized authority, unlike government issued currencies. In addition, there are no physical Bitcoins, only balances associated with public and private keys. These balances are kept on a public ledger, along with all crypto transactions, verified by a massive amount of computing power.
Bitcoin also offers a secure and mostly untraceable method of working with payments. Not surprisingly, it has turned into cyber criminals’ most favorite currency, because it helps cover their activities.
Is there a connection between ransomware and Bitcoin?
Besides the obvious one (ransom demands in Bitcoin), perhaps there’s another way the two are connected. Parallel to the growth of ransomware, Bitcoin has also grown significantly, especially throughout 2016. Seeking a deeper connection between ransomware and digital currencies is a logical step, especially for the infosec community.
Security researchers definitely see a liaison between the anonymized payment mechanisms Bitcoin provides, and the growth of ransomware.
“It’s helping. I think that’s definitely true. The existence of effectively anonymised payment mechanisms definitely plays into the hands of cybercriminals,” David Emm, principal security researcher at Kaspersky Lab, for ZDNet
However, it’s still important to note that online extortion happened long before the birth of Bitcoin. But it wasn’t nearly as successful as ‘modern’ ransomware, and it’s easy to see why. The past has seen plenty of scams based on computer viruses but all of these stories had an unfortunate end for cyber crooks. For example, crooks that used traditional postal services to receive payments were easily traced and caught.
Later, cyber crooks moved to online payment systems and began using Western Union and PayPal. The fact that these systems are connected to a bank account turned out to be a big problem. Crooks could get easily arrested.
So, here we get to Bitcoin, the system that provides complete anonymity and is perfect for cybercrime.
What we just said is somewhat true, but not entirely. Yes, Bitcoin is anonymous but this is not the reason why cyber criminals are using it at such an extent. Truth be told, prepaid cards may be a better fit than Bicoin – they are anonymous and can be mailed physically and then used or resold internationally.
Furthermore, the fact that Bitcoin transactions don’t leave a trail is not true. Bitcoin does leave a trail of “pseudonymous breadcrumbs on the blockchain”:
Blockchain transactions can reveal the structure of organized ransomware crime rings, and individual hackers can be and have been caught and prosecuted.
So why is Bitcoin preferred by cyber criminals? It’s more likely a favorite because it’s “fast, reliable, and verifiable”.
Q:So, what does a ransomware operator have to do to remain anonymous?
Let’s take the Cerber ransomware campaign. Cerber operators not only demand Bitcoin payments but also run the currency through multiple Bitcoin wallets. This is what a Bitcoin money laundering scheme would look like, a form of money laundering to ensure the safety of cyber criminals.
We saw tens of thousands of victims’ Bitcoin wallets transferred into one huge wallet. From there it’s transferred to tens of thousands of other wallets. It’s called a mixing service and it’s pretty standard for Bitcoin, – Maya Horowitz, group manager of intelligence operations at Check Point, for ZDNet
To further explain: a cyber-criminal who doesn’t want anyone to be able to trace his money back to him, would have to take it through a mixing service. Eventually, the money will get back to him, but not before it was mixed with other money, thus becoming untraceable.
To sum up: Bitcoin helps cyber criminals sustain anonymity and allows them to cash their ransom funds
Bitcoin brings along other “goodies” on the table, like flexibility, and the option to easily move on to new campaigns, which further illustrates the abundance of currently active ransomware operations and the popularity of Ransomware-as-a-Service.