How Bitcoin Has Fueled Ransomware Attacks : NPR

As ransomware cases increase, cyber criminals almost always request and receive payments in cryptocurrencies such as Bitcoin. The world’s largest meat supplier, JBS, announced on Wednesday that it paid hackers $ 11 million in bitcoin in a recent ransomware attack.

Wachirawit Jenlohakit / Getty Images


Hide caption

Toggle caption

Wachirawit Jenlohakit / Getty Images


As ransomware cases increase, cyber criminals almost always request and receive payments in cryptocurrencies such as Bitcoin. The world’s largest meat supplier, JBS, announced on Wednesday that it paid hackers $ 11 million in bitcoin in a recent ransomware attack.

Wachirawit Jenlohakit / Getty Images

The problem has long preoccupied bank robbers and drug smugglers: How do you transport and hide huge sums of ill-gotten profits without getting caught?

In the past few years, ransomware hackers have come up with an almost perfect solution – cryptocurrencies like Bitcoin. It’s fast. It’s easy. The best part is that it is largely anonymous and difficult to track down.

In the most recent example, the world’s largest meat processor has JBS Announced Wednesday evening that it recently paid $ 11 million in bitcoin after a cyber attack forced the shutdown of its plants in the US, Canada and Australia. The FBI blames a Russian criminal gang for the attack.

“You now have the ability to move millions of dollars worth of cryptocurrencies across national borders in seconds,” said Yonatan Striem-Amit, a co-founder of Cybereason, a Boston-based company that provides protection from hackers.

“It really is a very powerful tool in the hands of criminals for laundering money and moving currencies from one state to another in a way that is in some ways undetectable and definitely uncontrollable.”

Until recently, much of the cybercrime involved the theft of individual credit cards or small-scale bank accounts.

“If we had talked about it two years ago, we wouldn’t be talking about Bitcoin as the predominant form of ransom payment,” said Hitesh Sheth, President of Vectra cybersecurity company in San Jose, California.

Big payments, little risk

Bitcoin and other cryptocurrencies made it possible to extort huge ransom money from large companies, hospitals and city governments. And when the cyber thieves live in countries like Russia – which many do – there is practically no chance of getting caught.

Ironically, the exchange of cryptocurrencies takes place in so-called “public ledgers”.

That means anyone can watch online. But the parties to a transaction are anonymous, disguised with a random number.

“You can see exactly how the money flows from one address and one wallet to another,” said Striem-Amit of Cybereason. “However, there is no way for us to associate one person with these wallets. And a lot of people have not just one address, one wallet, but dozens, hundreds.”

This allows hackers to move the currency from one anonymous account to another over and over again. That makes it very difficult – if not impossible – to track.

Consider the case of the Colonial Pipeline, which was hacked last month, causing gasoline supplies in the eastern United States to shut down for most of a week.

The Justice Department announced this week that the FBI has received back more than half of the $ 4.4 million ransom that Colonial paid to the hackers known as DarkSide, believed to be based in Russia.

This case marked a major breakthrough. The Justice Department said this was the first time a task force dealing with ransomware could reclaim some of the money.

An exception

Still, it’s unlikely that this will become the norm anytime soon. The FBI poured resources into the Colonial case because it was a high-profile attack that crippled a pipeline that is vital to the country’s economy.

The FBI will not be able to provide so many resources to every ransomware attack. And the cases are difficult to solve.

According to court records, the FBI worked its way through a maze of more than 20 cryptocurrency accounts to find the hackers. When it located the account, the office filed for a U.S. court order to confiscate the funds.

But then comes the real secret. Even after the FBI located the computer and had the court order, the office still needed the secret encryption key to unlock the account and capture the bitcoin.

The FBI didn’t say how it did it, and this has sparked widespread speculation and a number of possible scenarios in the cybersecurity community.

The FBI advises against ransom payments. But the decision rests with the affected company or institution, and many believe that it is better to pay and get back on track than to stay closed and go through lengthy negotiations with the hackers.

Private companies are now realizing that they need to focus more on the ransomware threat.

“Cyber ​​security has become a hot topic for corporate boards of directors in recent years,” said Hitesh Sheth of Vectra. “It’s not just about cybersecurity, like, ‘Hey, how can I stop attacks?’ It really comes down to the question “what is our ransomware strategy”. It has become very specific. “

Ransom insurance

Ransom demands and payments have skyrocketed.

“We have now seen more than $ 10 million in ransom payments from our customers with claims of $ 40, 50 and 60 million,” said Oren Wortmanwho handles cyber issues for the insurance company Beecher Carlson.

Some insurance companies no longer cover ransomware or impose a number of restrictions, he added.

“There are insurers who do not write any new business across the board,” he stated. “There are insurers who are going out of business. And there are insurers who are completely shutting out healthcare, the public sector and academia,” all of these are common targets.

In the midst of all these developments, the Biden government and some members of Congress are starting to talk about regulating cryptocurrencies. But so far it’s just talk.

Greg Myre is the NPR National Security Correspondent. follow him @ gregmyre1.

Comments are closed.