Sullivan’s research into the “customer portal” of a family of crypto-ransomware known as “Spora” reveals that the criminals run their operations like an actual business, with regularly scheduled spam runs to lure in new victims.
The availability of Bitcoin, the open-source virtual currency, has made crypto-ransomware’s business model viable and profitable, feeding an online crime wave that has seen new extortion-enabling malware families at least double each year since 2012. Unless governments disregard previous concerns about shutting down the anonymous funding source, F-Secure Labs warns, this exponential growth is likely to only be limited by the ability of consumers to purchase Bitcoin.
“Bitcoin survived and thrived during the last U.S. presidential administration,” says Sean Sullivan, Security Advisor at F-Secure. “However, the new administration has indicated that it’s eager to reinvigorate ‘the drug war’ by even cracking down on the sale of marijuana, which new U.S. Attorney General Jeff Sessions has said is just ‘slightly less awful’ than heroin. If the U.S. pursues all the forms of potentially illegal payments, ransomware’s growth could be abated. Otherwise, we expect to see the new ransomware families we discovered in 2017 at least double.”
Chinese companies have made considerable investments into the vast server farms needed to mine the digital currency. The result is that 42 percent of all Bitcoin transactions last year took place on Chinese exchanges, according to an analysis performed for the New York Times.* Sullivan has even noticed that the Shanghai Composite Index, one of the nation’s leading financial indicators, correlates at times with the Bitcoin Price Index.
“While better blockchain provides them with visibility over their markets, officials in China likely have little financial incentive to see the Bitcoin market hindered in any way,” Sullivan says. “The U.S. government, however, has shown little interest in legitimizing the virtual currency as an investment.”
The U.S. Securities and Exchange Commission rejected the creation of a Bitcoin exchange-traded fund due to “concerns about the potential for fraudulent or manipulative acts and practices in this market” in March.**
“It’s conceivable that the Trump administration could argue that the anonymity of Bitcoin is enabling both the drug trade and international terrorism, crimes that have been continually used to justify new powers for U.S. law enforcement. Or perhaps the U.S. government could even identify ransomware as the growing risk it has become for consumers, the health care industry and local governments, along with the burgeoning risks of the cyber-extortion of ‘Internet of Things’ devices.”
A small change that could make a big difference
U.S. and European officials could make a major dent in the availability of Bitcoin with a relatively simple change. “Bitcoin exchange accounts could be required to be tied to a physical address,” Sullivan says. Currently it takes just minutes – or seconds – to open a Bitcoin account in a third-party market. Under this requirement, an activation code would be mailed to you before an account can be opened. While this wouldn’t affect criminals who do business out of Russia and China, it would make their attacks far less profitable.
“The exchanges would hate it. But given the hundreds of millions of dollars being extorted every few months, it seems appropriate,” Sullivan says. “Barring this or a similar step, exponential growth of malware families delivering these threats seems to be the only other option.”
But time is of the essence, Sullivan stresses.
“Ethereum is now trading at a similar trajectory as Bitcoin,” he says. “If governments don’t act now to come up with a strategy for dealing with digital currencies, it’s not going to get any easier.”