The Bitcoin Ransom
In a quiet corner of the underworld, criminals are demanding Bitcoin and victims are struggling to find places to get it safely and discreetly.
Before Jean-Pierre and his fiance Nadine left their quiet village on the foothills of the Swiss Alps for their honeymoon in South America, they had done as much research as they could to prepare for the trip.
And while they had heard horror stories about kidnapping in places like the Dominican Republic, some of their friends who had visited, only had the nicest things to say about the place.
So when Jean-Pierre woke up one idyllic morning at his resort in Puerto Plata, he was surprised to see that his fiance was not lying by his side. Assuming she must have gone for an early morning jog or swim, he looked out from his balcony, taking in the sweeping views of powdery white sand beaches and the seemingly endless emerald waters of the Atlantic.
But when Nadine had still not returned by lunchtime, he started to feel a little worried.
And when he couldn’t reach her on her mobile, he started to become slightly frazzled. It wasn’t like Nadine to leave without so much as even a message.
When Jean-Pierre finally got a text message from an unknown number, his blood froze — Nadine had been kidnapped and whoever had abducted her was demanding Bitcoin to secure her release.
Up to that point, Jean-Pierre had never even heard of Bitcoin.
Desperate, he rushed to the police station in Puerto Plata, hoping for some form of help.
Strangely, the police did not seem surprised at all that Nadine had been kidnapped, nor that her kidnappers were demanding Bitcoin.
Instead of asking Jean-Pierre for details surrounding her disappearance, they rather nonchalantly directed him to several stores across the street from the police station, which were selling Bitcoin and advised him to pay the kidnapper’s ransom.
Jean-Pierre made his way across the street and realized that the amount the kidnappers were demanding for Nadine was about 300 Swiss francs, just over US$300 to secure her release.
After paying for the Bitcoin and having the same deposited into an address provided by the kidnappers, just thirty minutes later he received another text message from the same number, telling him that Nadine would be returned to the resort in the next hour.
An hour later, Nadine, visibly shaken, but otherwise unscathed, was waiting anxiously for Jean-Pierre in the lobby of their resort.
Jean-Pierre and Nadine’s experience was far from unique, nor are such ransoms being confined to unsuspecting tourists either.
Bully For Bitcoin
Across the United States and the rest of the world, cybercriminals have been holding key installations and essential databases hostage, asking for ransoms in Bitcoin in amounts large enough so as to be worth their while, but small enough for their victims to dispense with, without resorting to the rigmarole of relying on law enforcement.
From the city government of New Orleans and maritime cargo facilities in Los Angeles, to hospitals which have had their patient databases frozen and small business owners and individuals — in recent years, hackers have taken to locking down entire computer networks and demanding payment in Bitcoin to let users back into their systems.
The frequency of ransomware attacks has been hard to estimate, mostly because many victims quietly pay off their attackers without notifying the authorities.
And in most cases, authorities, already swamped by their caseloads, have neither the capacity nor the capability, to deal with the deluge of cyberattacks.
By some measures, the problem is far larger than public estimates have made available.
In 2019, 205,280 organizations submitted files that had been hacked in a ransomware attack — a 41% increase from the year before, according to data from Emsisoft, a security firm that helps companies hit by ransomware.
And the average payment being demanded by attackers has risen as well — jumping to US$84,116 in the last quarter of 2019, more than double what it was in the previous quarter.
Part of the rise can be explained by the increase in price of Bitcoin during that period, with the remainder more a function of the sheer surge in ransomware attacks.
But even these numbers may not paint a true portrait of the extent and reach of such ransomware attacks, because literally anything that is connected to the internet can be held for ransom.
Even New Orleans, one of dozens of American cities hit in recent times by ransomware attacks, has yet to fully recover and many operations are still conducted using paper.
No One Is Safe
And it’s not just cities and other public services which have come under attack, Barclays and several other high profile banks were still unable to make foreign currency conversions for customers even a month after Travelex, the company that provides the foreign currency to the banks, was targeted by the ransomware known as REvil.
Government authorities and security firms say that the problem will likely get much worse before it gets any better, if it gets any better.
Part of the reason is because attackers have proved hard to trace, using anonymous messaging platforms like Telegram and making demands for their ransoms in pseudonymous Bitcoin.
The other issue is that many attackers also appear to be operating from areas beyond the reach of the American judicial system, from countries such as Iran, Russia and North Korea.
And in the case of North Korea, some suspect that the attackers may even be state-sponsored, to earn hard currency for North Korea’s embattled regime.
Ransomware has evolved into an entire industry, with hundreds of gangs vying for the most lucrative victims.
Some hackers have even specialized in offering “ransomware as a service” — creating off the shelf victim-facing software and selling it to other less tech-savvy criminals on the dark web. Even more surprising is the level of customer service on offer to help deal with victims and payments for purchasers of such software.
And in case you’re wondering how criminals pay each other for such software — you guessed it, it’s Bitcoin.
Bitcoin For You Bitcoin For All
Much like the stores selling Bitcoin in Puerto Plata, an entire cottage industry has been created around ransomware, involving Bitcoin whales and miners, as well as cybersecurity firms.
According to one cybersecurity analyst based out of New York, who spoke on condition of anonymity,
“Many of our clients don’t know how to get Bitcoin and are not interested — they just want to pay off the ransom and resume normal operations.”
“And sometimes, the breach may have been due to something embarrassing, which the company would really rather not be public.”
“You’d be surprised by how many high level executives click on porn links in their emails.”
The view is echoed by Bryan Sartin, head of global security services at Verizon. Speaking to the New York Times, Sartin advises clients to create a slush fund with Bitcoin,
“Almost everyone says we will never pay the ransomware, but when push comes to shove, probably two out of three will.”
And while law enforcement officials have warned against giving attackers more confidence that they will get paid, the attacks have become widespread enough and the ransom payments frequent enough, such that the trend shows no signs of abating.
According to one cybersecurity manager for a large multinational firm headquartered in New York,
“Sometimes it’s key personnel and if it’s a small enough amount, it just makes sense to pay it off and move on.”
And perhaps it is this trend to “pay it off and move on” that has enabled a cottage industry of Bitcoin lenders to supply this demand for Bitcoin.
World’s Most Expensive Bitcoin
According to one Bitcoin lender and OTC (over-the-counter) Bitcoin provider based in Singapore and which is a spin off of one of the world’s largest Bitcoin mining makers in the world,
“Many of these corporates don’t know anything about Bitcoin and they don’t want to know. They pay the rates and then they get on with their businesses.”
“Often it costs them more to delay resumption of business, instead of paying off the ransom — law enforcement is not immediate, but paying the Bitcoin ransom can often provide an immediate salve to a business wound.”
And OTC providers as well as Bitcoin lenders with strong links to cybersecurity firms are making a tidy sum charging hefty premiums for providing Bitcoin.
According to one cybersecurity firm based out of San Francisco,
“Many of our clients outsource the problem to us and we have a pool of (Bitcoin) suppliers or lenders we go to, clients are happy to pay the premium.”
That premium has resulted in a healthy carry trade for Bitcoin, with premiums of 8% to 12% not uncommon, some have claimed spreads as high as 25% — but such claims are difficult to verify.
Many Bitcoin OTC providers with strong links to cybersecurity firms buy Bitcoin on open markets and then charge a hefty premium for the service — a lucrative trade when available.
According to one OTC provider based out of Hong Kong,
“The trade is profitable if you can find it. But it’s inconsistent, so you can’t rely on it for a living.”
“And some clients are getting more savvy, shopping around for the best rates.”
But as ransomware attacks, particularly for smaller denominations become more common, the demand for Bitcoin will only grow, as will demand for off ramps to discreetly convert Bitcoin back to dollars or other usable fiat currencies.
The irony of course is that while attackers are demanding Bitcoin, for now at least, they still can’t use it in a meaningful way.
Yet as cryptocurrency entrepreneurs increasingly find ways for people to spend Bitcoin, whether it’s supercars or property, that may change as well.
And for all the ransoms that victims are paying for, sometimes the heist goes wrong as well — the attackers may wipe the files that they’ve held ransom.
Last August, the medical practice of Dr. Shayla Kasel in Simi Valley, California was hit by ransomware.
Kasel was connected by her malpractice insurer to a ransom negotiator and a forensic expert who advised her that even if she paid off the ransom of US$50,000 for each of the digital keys that could unlock her different servers, there was only a 15% chance that she could get her files back.
Kasel’s limped along for a period, relying on paper and walk-ins before finally deciding to throw in the towel and close her practice.
Given the state of digital resources that most businesses rely on, it’s somewhat ironic that paper, may be more secure in our current time — something which was first seen in the early days of Bitcoin and cryptocurrencies.
Before the advent of hardware wallets for cryptocurrency, many early users of Bitcoin were storing their private keys on “paper wallets” — literally writing out the alphanumeric string that would unlock the Bitcoin in their addresses and storing the paper somewhere safe.
As ransomware becomes more prevalent, perhaps business owners and individuals may start taking a page out of Bitcoin’s very own playbook — literally.