For Ransom, Bitcoin Replaces the Bag of Bills

Uploaded on 2015-08-04 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

26db-ransom-web-popup.jpg

A screengrab of a message sent by a hacker demanding Bitcoins for unlocking encrypted files.

In the old days, criminals liked their ransom payments in briefcases full of unmarked bills. These days, there’s a new preferred method for hostage takers: the virtual currency Bitcoin. In a modern day version of a mob shakedown, hackers around the world have seized files on millions of computers, taken down public websites and even, in a few cases, threatened physical harm. The victims, who have ranged from ordinary computer users to financial firms and police departments, are told that their only way out is through a Bitcoin payment that is sometimes more than $20,000.

One set of attackers, believed to be based in Russia and Ukraine, collected about $16.5 million in Bitcoins in a little over a month, primarily from victims in the US, according to the security firm Sophos.

Criminals like the virtual currency because it can be held in a digital wallet that does not have to be registered with any government or financial authority — and because it can be easily exchanged for real money. At the moment, a single Bitcoin can be sold online or on the street for around $290.

Bitcoin, which was released by an anonymous creator in 2009, has recently been gaining mainstream appeal. Start-ups in the industry have won investments from big names like Goldman Sachs and the New York Stock Exchange, which have praised the technology as a faster, more efficient way to complete financial transactions.

But the proliferation of ransom demands has provided an unhappy reminder of the virtual currency’s continuing appeal to the criminal underworld, long after the authorities shut down the online drug bazaar, Silk Road, where heroin and cocaine were sold using Bitcoin.

The latest reminder of Bitcoin’s underbelly came last week with the arrest of two Florida men. The authorities said victims of malware were steered to Coin.mx, a site run by the two men, to buy the Bitcoins to pay the ransom demanded by the malware. The complaint suggested that the criminals also used the site to launder their proceeds.

A police department in New Hampshire that was hit by CryptoWall in June 2014, refused to hand over the ransom and was able to revert to backup files. But more recently, police departments in Dickson County, Tenn., and Tewksbury, Mass., have said that they chose to pay the roughly $500 ransom rather than deal with the headache of trying to circumvent the hackers.
Beyond these attacks, extortionists went after two longtime Bitcoin advocates last year, threatening to exploit personal information about the men’s families if they did not pay up.

Some leaders in the Bitcoin community have suggested potential ways to fend off the ransom threats, digitally marking any coins used for ransom payments, similar to how dollar bills used in hostage situations are marked with invisible dye.
But such solutions have been held up because of the value that many Bitcoin believers have put in the virtual currency’s unfettered free movement.
NYT: http://nyti.ms/1KNVnTi

« Google Gives Customers Control of Encryption Keys
3D Xpoint Memory: Faster-than-flash Storage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BH Consulting

BH Consulting

BH Consulting we are a vendor independent consulting firm providing market leading range of information security services focused on data protection and cybersecurity.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

Indusface

Indusface

Indusface offers best website security, web application firewall and SSL certificate to keep your online business much safer.

PT Netmarks Indonesia

PT Netmarks Indonesia

PT Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Inflexor Ventures

Inflexor Ventures

Inflexor Ventures is a technology focused venture capital firm that invests in early stage companies from seed to Series-A+ stages.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

CyberSec Vietnam

CyberSec Vietnam

The CyberSec Vietnam Conference on 13 June 2024 in Ho Chi Minh City focuses on the critical pursuit of building trust in digital networks and fortifying Vietnam's cybersecurity ecosystem.

Secure Blink

Secure Blink

Secure Blink provides automated application and API security solutions that empower developers and security engineers to protect critical assets from exploitation.