Bitcoin is Not the Root Cause of Ransomware

Coin Center research director Peter Van Valkenburgh discusses bitcoin's involvement in a new string of ransomware attacks.

AccessTimeIconMar 5, 2016 at 5:28 p.m. UTC
Updated Aug 18, 2021 at 4:38 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Ransomware has been around for a while – turns out it's about 20 years older than bitcoin – but it's been in the news again recently because of a particularly upsetting case involving a Los Angeles Hospital.

Most types of ransomware software "lock" the files on a victim's computer by encrypting them with a key that the hackers withhold until a ransom payment is made. In the early days of these tools, payment was typically made with wire transfer, prepaid cards or by SMS and mobile payments.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Now payment is almost always demanded in bitcoin.

    You might think that this is because bitcoin is an "anonymous" payment method, and that hackers love it because they don't have to worry about being identified and ultimately caught. That's not actually why bitcoin is a good fit. Prepaid cards are actually more anonymous because they can be mailed and then used or resold internationally with effectively no trace.

    Bitcoin transactions, however, leave a trail of pseudonymous breadcrumbs on the blockchain, and if the hacker tries to cash out into local currency, she might accidentally put a name or an IP address to those pseudonyms and give herself away. Blockchain transactions can reveal the structure of organized ransomware crime rings, and individual hackers can be and have been caught and prosecuted.

    No, bitcoin is particularly useful here because it's fast, reliable, and verifiable.

    The hacker can simply watch the public blockchain to know if and when a victim has paid up; she can even make a unique payment address for each victim and automate the process of unlocking their files upon a confirmed bitcoin transaction to that unique address.

    The truth is that criminals have, as usual, very strict design parameters for the tools they use because there's no tech-support, contract or legal recourse for a criminal whose tools fail to perform as they should.

    Jumping to solutions

    Criminals are using bitcoin in this case because it's a reliable system that just works. Ransomware hackers are rather like the proverbial rumrunners of prohibition: they like fast custom cars because almost everyone else is still driving a Model T.

    As problematic and sad as these attacks are, it’s important to carefully understand what’s happening so that we don’t jump to "solutions" that wouldn't solve the problem and could even make us less secure over time.

    Three ingredients make ransomware the problem it is, and these things are just as true whether the victim is your Aunt Alice or a hospital or police station:

    1. Hackers gain unauthorized access to a computer with read/write permission over sensitive or valuable data
    2. Hackers place malware on that computer to encrypt its files using strong cryptography and a key which only they control
    3. Hackers use Bitcoin to receive payment in exchange for the key.

    Cryptography and bitcoin are the "sexy" parts of that trifecta, and accordingly, they get most of the media attention.

    The root problem though, is number one: unauthorized access.

    Security and privacy

    In the hospital context, for example, it's already a security and privacy disaster that random hackers in Russia can access, read, modify and delete all of your sensitive medical records.

    Whether the hacker then encrypts the files, or demands a ransom is a secondary issue; the damage is already done. Failing to keep those records private and safe puts patients in danger of discrimination, personal blackmail, and, of course, poor or compromised care.

    So, to be very, very clear, the problem of ransomware begins with bad security.

    Everyone – and especially employees of vulnerable institutions – needs to take the security of sensitive records more seriously; we all need to better understand phishing emails and other social engineering tactics that can be used by hackers to gain access to sensitive information.

    This is a problem that's been around as long as the Internet, and yet the solutions are actually fairly straightforward: use strong passwords, don’t share your passwords with anyone (even people sending you official-looking emails) and don’t open suspicious email attachments from senders you don’t know.

    Additionally, of this three-part problem, both cryptography and cryptocurrencies have entirely legal and even essential applications that make us more secure.

    The first part, unauthorized access caused by poor security, has no upside.

    Looking for a scapegoat

    If we’re looking for a way to stop these attacks we need to target weaknesses in our privacy infrastructure, not the tools that some may use to exploit those weaknesses.

    We need to use https encryption by default; we need to understand and practice two-factor authentication; we need to talk about password managers and what makes a strong password; and we need to think about payment systems that don’t consistently hemorrhage our personal identifying information.

    Ignoring this problem of unauthorized access and putting the blame on cryptography and cryptocurrencies will not stop ransomware. In fact, outlawing or compromising these tools will make ransomware significantly worse.

    Such policies would discourage honest individuals from learning about and utilizing the very technology that could make them safe; while criminals in darker corners of the world, the sophisticated rumrunners with strict design standards, would continue to use these powerful tools for evil.

    This article originally appeared on Coin Center and has been republished here with the author's permission.

    Crime image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.



    Read more about