“We have your private data. Send us $300 or we’ll destroy all of it.” That’s not a message you ever want to receive.
In the past few years, hundreds and thousands of users – people like you and me – have fallen victim to anonymous cyber-ransom attacks that have resulted in millions of stolen dollars. The scary part is that these attacks are more prevalent and more effective now than ever before.
Yet most people aren’t even aware that these attacks are even possible.
The Growing Threat of Cyber Extortion
Cyber extortion isn’t anything new. Back in 2007, Nokia paid millions of euros to extortionists to make sure that an encryption key for their Symbian OS would not be released to the public. It was a high price to pay, but apparently the cost was worth it. The damage from releasing the encryption key would’ve been even more expensive.
In late 2013, a Trojan known as CryptoLocker – also known as the nastiest malware ever – began to spread across Windows computers. Once infected, the victim’s private files would be encrypted and locked with a key only known to the attackers. A ransom was offered to decrypt the files in exchange for payment made in Bitcoins. A simple but devastating attack.
These ransom-based attacks, colloquially known as ransomware attacks, come in many forms, the most popular being a distributed denial-of-service (DDOS) attack whereby the extortionist overloads a particular website or service, rendering it unavailable until the ransom is paid. If the extortionist can figure out what you don’t want happening, they can use it against you.
If you fall victim to one of these, don’t pay just yet. There may be ways for you to beat ransomware attacks.
Extortion has the reputation of being an organized crime, but with the advent of cyber extortion the game is no longer just for the Mafia. Such attacks could be perpetrated by as few as one person, which makes it all the more threatening.
Next Level Extortion: Bitcoin Shakedown Scam
More recently, cyber-ransom hopped off the Internet and began targeting brick-and-mortar stores, suddenly blurring the line between online and offline extortion.
Last month, a pizza restaurant named 900 Degrees Neapolitan Pizzeria received a ransom notice in their mail. In it, they were encouraged to pay 1 Bitcoin (~$625 USD) to an anonymous address within a 2-month deadline or else they would be the target of “negative online reviews,” “telephone denial-of-service,” “Better Business Bureau complaints,” and even “bomb threats.”
What’s interesting is that there is no rhyme or reason behind the victim selection. According to the ransom notice, “The selection process is random and was not triggered by any event under [the business owner’s] control.” Without a definite motive, it becomes harder to track down the people behind this scam and impossible to know who the next victim will be.
The genius of this scam is that it preys on small businesses for which online reviews and solid reputations are more valuable than a few hundred dollars. Furthermore, postage is cheap and envelopes even cheaper, which means that these attacks cost almost nothing for extortionists and they profit plenty.
But the greatest genius of this scam is its use of Bitcoins as its primary mode of monetary transfer. If you’re targeted by this shakedown scam, there’s actually little you can do about it, and the reason is Bitcoin.
Why Cyber Extortion Is So Hard to Defeat
Bitcoin is an anonymous and decentralized digital currency that was designed to escape financial regulation. It’s a concept that seems great in theory, but one major drawback to nonexistent financial regulation is the difficulty of tracing and preventing financial crime.
Prior to Bitcoin and other digital coins like it, extortionists had no choice but to deal in physical cash or digital debit. Cash is marked with serial numbers that can be flagged and tracked. Digital debit transactions can be followed back to a source. Neither is foolproof, of course, but extortionists have always had to deal with a “paper trail” when spending the money they stole.
Due to Bitcoin’s anonymity and decentralization, it has become the currency of choice for cyber-criminals. But there’s another layer to it.
Bitcoin has no barrier to entry. Anyone can set up a free Bitcoin wallet address without having to deal with bankers, proof of identity, evidence of residence, taxes, etc. In many cases, this convenience is desirable. However, in this particular case, it means that anyone can jump in on the cyber-ransom game and cash out without much interference.
All that being said, Bitcoin itself is not to blame. Bitcoin itself is not evil. Digital currencies can be used in legitimate ways for legitimate reasons. However, it cannot be denied that Bitcoin’s design does make it much easier to carry out cyber-crimes with far lesser risk than traditional tactics would entail.
What can be done about cyber-ransoms and extortions? I’ll leave that up to the security experts to solve. However, it’s still important that we become aware of the issue and try to educate those who don’t know about it. Share with us your thoughts on Bitcoin and cybercrime by commenting below!