You know a ransomware attack the instant you see it. A notice takes over your computer display, informing you that your critical files are locked away. You can get them back—but only by paying the attacker a fee, usually thousands of bitcoin.
1. Adapted from the Proofpoint Ransomware Survival Guide
Ransomware and
2. Since its debut in 2009, Bitcoin has been a boon to civil libertarians and cyber criminals alike. Payments can’t be traced back to sender or recipient. That makes Bitcoin an anonymous, friction-free way to transact private commerce.
This flipbook explains why the cryptocurrency has been so popular with ransomware, an old attack that has come roaring back to life in recent months.
3. How Bitcoin and other cryptocurrencies work
Think of this form of currency as equivalent to a virtual casino chip.
These “coins” have no intrinsic value in the real world.
Like a casino chip, though, users can purchase the tokens with real world, local currency, and use them within the establishment – in this case the internet – and trade them in for real currency upon exiting.
4. Bitcoin’s appeal
Bitcoin is globally available and highly liquid
• It converts directly into local currency
• It offers low transaction fees
• It’s faster than checks, wire transfers, and, in some cases, credit cards
Unlike government-backed currency, cryptocurrencies are not considered money
• Bitcoins are lightly regulated
• Transmission methods and the “tumbler” system are not considered laundering – even though they are essentially the same concept
• The upshot: transactions are hard to trace
5. Why it’s so popular in ransomware
In traditional kidnapping for ransom, the biggest challenge has always been collecting and getting away with the ransom itself.
Earlier forms of ransomware might have required a pre-purchased debit card. While this approach can bypass banks’ anti-fraud measures, it’s cumbersome on both sides of the transaction.
Bitcoin solves the problem with a fast, untraceable payment system that makes ransoms much easier to pay—and for cyber criminals, much safer to collect.
6. Anatomy of a ransomware payment
Here’s how a typical ransomware payment works:
1. Cyber criminals infect the victim with ransomware, which demands a ransom to be paid in Bitcoin.
2. The victim purchases the number of bitcoins demanded from one of countless legitimate Bitcoin exchanges.
3. The victim transfers the bitcoins from his or her Bitcoin wallet to an anonymous Bitcoin address.
4. The coins enter a “tumbler.” This electronic service mixes bitcoins in with others, making them untraceable.
5. The coins transfer to the attacker. Much like real world laundering, the attacker ends up with an untraceable payment.
7. Following the money
By demanding payment in Bitcoin, cyber criminals get anonymity that makes collecting ransoms far easier than before.
It’s no wonder that all major variants of ransomware require payment in Bitcoin.