
Could bitcoin hold the key to stopping ransomware?

Bitcoin isn't as anonymous as many once believed, and now researchers are using the cryptocurrency's delivery mechanism to compile dossiers on suspected hackers.


When a police officer in Durham, N.H., opened an innocuous-looking email last spring, the small New England department became the victim of a totally new kind of crime, one that it had no idea how to solve.

Criminal hackers had seized the department's entire network of 28 computers, locking police out of the system that keeps arrest records, outstanding warrants, and incident reports for 24 hours. The culprit: ransomware, a form of malicious software that encrypts a victim's computer files until they pay a fee via the virtual currency bitcoin.

Fortunately, Durham Police Chief Dave Kurz and his team had a backup server in place, allowing information technology teams to quickly restore access to the locked files. That's not always the case, as ransomware victims risk losing their files for good if they don't meet hackers' demands.

"We would have had to explore paying a ransom," Chief Kurz says. "It would have been a nightmare."

To date, ransomware attackers have operated largely without fear of being caught, thanks to their use of encryption and the decentralized cryptocurrency bitcoin, which enables users to mask their identity during transactions.

Now, (the cybersecurity firm 718,536 ransomware incidents since the Durham hack) security researchers are tracking down suspected ransomware hackers by borrowing an old technique from law enforcement: watching where the money flows. It's an investigative tactic so new that police in Durham wouldn't have been able to use it to track down the people who hacked them.

But now, says Caleb Fenton, a researcher at the cybersecurity firm Sentinel One, "You can actually follow the money."

All bitcoin transactions are stored on a public ledger called the blockchain, where anyone can view transactions between bitcoin users. Though the blockchain users preserve their anonymity by using screen names, the where payments are logged can serve as clues for investigators trying to track down ransomware criminals.

In fact, Mr. Fenton used the blockchain to gather a tremendous amount of data, including bitcoin addresses and amounts paid, as part of his own investigation into a new ransomware variant dubbed CryptXXX. That strain can also , and hackers have already used it to extort $50,000 in bitcoin payouts from nearly 70 organizations in the past month. Fenton says he was able to determine the number of victims by tracking the payments on the blockchain.

Fenton says he's found a new bitcoin wallet, used to store and access the currency, associated with CryptXXX. Since the CryptXXX-related bitcoin address first popped up in the beginning of June, Fenton says it's likely a new address dedicated to the campaign.

"What I think we're going to start seeing is more and more technology that allows you to trace bitcoin transactions," he said. "Once they figure out where the command-and-control servers are, they can do a lot of information gathering tactics to figure out what [internet protocol addresses] were used, what the domains were, and who registered them."

Fenton has only been able to tie the payments to blockchain screen names, not specific people, since users often utilize different addresses for each transaction. What's more, sophisticated criminals can better anonymize their bitcoin by laundering the funds through Altcoin and other cryptocurrencies that are variants of bitcoin.

Still, blockchain is the type of tool that experts hope will eventually lead to more arrests. Investigators could track the extortion payments to physical bitcoin exchange locations, where users convert the virtual currency to cash, and apprehend suspects, or catch them on surveillance footage, suggests Peter Van Valkenburgh, director of research at Coin Center, a Washington think tank focused on bitcoin and blockchain technology.

"Old fashioned police work is always going to be the main method of investigation," said Mr. Van Valkenburgh. "Anonymity is not the tool that makes bitcoin palatable to criminals. It's just very fast, it's reversible, and it's a lower cost to use than other payments systems, like mailing pre-paid credit cards."

Bitcoin has become the most popular currency , the hidden criminal underbelly of the internet, since the popular online drug market known as the Silk Road emerged in 2011. Today, though conversion rates vary, bitcoins can sell for . The virtual currency remains in use by other drug markets, , venture capitalists, and is being .

US government investigators are on the case, too. The Department of Justice briefly disrupted the ransomware scheme known as CryptoLocker, and who allegedly stole more than $100 million as part of the scheme. That single ransomware variant may have infected as many as 260,000 computers around the world, according to Richard Downing, US acting deputy assistant attorney general.

"Despite these many challenges, law enforcement is actively working to disrupt and defeat ransomware schemes," Mr. Downing said at a Senate Judiciary Committee hearing in May. "The FBI currently has over 30 active investigations into different ransomware variants." The FBI did not respond to requests for comment on this story.

Government investigators also leveraged bitcoin payments as part of the Silk Road investigation. After agents apprehended Silk Road founder Ross Ulbricht, they accessed his computer to find sizable transactions to two unknown sources. Authorities say both of those trails led to corrupt federal agents who, along with investigating the Silk Road, also appeared to be taking bitcoin for themselves.

"The mere existence of these corrupt government agents was determined to be true by the blockchain," said Coin Center's Van Valkenburgh.

Success like that has led to a small marketplace of bitcoin intelligence firms cropping up all over the world. British blockchain firm Elliptic has already raised $5 million for services to monitor the platform for criminal investigations. And the firm Chainalysis has raised $1.6 million, and will assist Europol in investigations.

"You're putting your transactions on an immutable ledger that will never disappear," says Van Valkenburgh. "You can't eliminate that feature of the blockchain - you're potentially exposing your entire criminal conspiracy to an audit."
