How Criminals are Holding Your Bitcoins To Ransom

Ransomware is today's cybercrime tool of choice - and bitcoins are its target

Cybercriminals will use any technology they can find to get victims' money. Recently, they have turned to bitcoins as a target, and they are using an evolving form of malicious software to force victims to pay up.

Their tool is ransomware. This software extorts victims into paying criminals, and it works in one of two broad ways.

The original ransomware focused on paranoia and guilt about the use of illicit online services.

Once it had infected a victim’s machine, it would typically display a message, supposedly from a law enforcement agency. It would tell the user that their computer had been found surfing illegal web sites (usually pornographic ones), or pirating software.

They would tell victims that their computers had been locked, and ask for a ‘release fee’ which could run into hundreds of dollars. The payment would be made via MoneyPak or some other online payment mechanism.

The whole thing was a scam, of course, and the attackers capitalized on the fact that a large proportion of victims would have conducted such activity online, or would have been gullible enough to believe that someone else had used their computers for that purpose. The scam was important because victims who believed that the malware was truly an FBI measure would be less inclined to try and recover their computer using anti-virus software.

Crypto-Ransomware

More recently, criminals have been able to dispense with this deceit altogether and be more brazen about what they were doing. Crypto-ransomware doesn’t attempt to disguise itself as a law enforcement activity. Instead, it encrypts all the files on your computer, and then tells you what it has done, demanding a payment in return for a decryption key that will unscramble your files for you.

Even if the victim ignores the payment request and removes the malware from their machine, the data will still be encrypted, making their files useless. This leaves them with no choice but to pay, and the payment method of choice these days is bitcoin.

While bitcoin existed before crypto-ransomware did, it wasn’t well known, meaning that it was a poor choice for criminals who would have a difficult time explaining to victims how to use it. Since late 2013, though, bitcoin has become more widespread, and criminals latched onto it as a means for victims to pay them.

The attacks are growing. One ransomware variant, called TorrentLocker, has been spreading via email messages claiming to be from UK government agencies. Users gullible enough to install it find their files locked up by an encryption algorithm, and are then forced to pay a fee.  

Attacks are increasing. The kind of attack that encrypts your files is still a relatively small proportion of overall ransomware, but there are enough of these attacks to cause significant financial damage. The FBI has estimated the losses from just one ransomware strain, called Cryptowall, at around $18m.

Avoiding Attack

Should you pay for the retrieval of your files if you’re targeted by crypto-ransomware?

With bitcoin such an easy form of cash to send, many people will take the bait, eager to get hold of files that may be beyond value, such as family photographs, for example.

The best thing you can do is to take the basic security precautions to stop you getting infected in the first place. These include:

  • Installing reputable anti-virus software on your machine. It may not stop every piece of malware, but it significantly reduces your chance of being infected.
  • Questioning every email. Even mails supposedly from people you know may have been spoofed – or may be sent by their computers because they are also infected.
  • Avoiding specious web sites. The more disreputable a web site, the more likely it is that it will attempt to infect you with malware, which could include ransomware.
  • Not installing anything that you don’t trust completely.

    Ransomware will evolve and expand as an attack technique because it’s working. Criminals are hell-bent on vacuuming up money wherever they can find it on the Internet, and now, bitcoin has become their payment mechanism of choice. You may not be able to avoid being targeted, but you can stop them hitting you.