Why ransomware criminals use Bitcoin and why that could be their undoing.
Last week's major ransomware attack put Bitcoin back into spotlight. With that comes questions about what Bitcoin is, how it works, and why it is apparently favored by ransomware hackers.
Coin Center director of research Peter Van Valkenburgh was on the Marketplace radio show yesterday to talk through these questions. On why hackers are using Bitcoin, he said:
"The efficiency of the network is what criminals are really using it for here. It's electronic cash, so it’s easy to write software that can automatically demand payment and automatically demand that payment has been made."
He goes into more detail on what that means in his blog post, "Why Bitcoin is not the root cause of ransomware:"
"Bitcoin is particularly useful here because it’s fast, reliable, and verifiable. The hacker can simply watch the public blockchain to know if and when a victim has paid up; she can even make a unique payment address for each victim and automate the process of unlocking their files upon a confirmed bitcoin transaction to that unique address.
The truth is that criminals have, as usual, very strict design parameters for the tools they use because there’s no tech-support, contract, or legal recourse for a criminal whose tools fail to perform as they should. Criminals are using Bitcoin in this case because it’s a reliable system that just works. Ransomware hackers are rather like the proverbial rumrunners of prohibition: they like fast custom cars because almost everyone else is still driving a Model T."
Of course, as many have pointed out, there is an inherent problem with the choice to use cryptocurrency in this attack. The open, transparent, nature of bitcoin blockchain transactions means that the global community is closely watching the ransom money. This is going to make converting it into fiat currency pretty difficult to get away with. As Peter told the International Business Times:
"In the US, every major bitcoin exchange is regulated by FINCEN. Right now the $50,000 extorted from victims is just sitting on the bitcoin network...that [exchange into local currency] is where you're vulnerable to being identified."
We’ve detailed how law enforcement can use the bitcoin blockchain to track criminals before and have already seen high profile cases in which blockchain forensics exposed criminals. All they need to do is slip up once and a global community of professional and enthusiast cyber crime fighters will jump on them.
Link / Tweet