How Bitcoin Has Fueled Ransomware Attacks

If you’re planning a multi-million dollar ransomware attack, there’s really only one way to collect – with cryptocurrency. It’s fast. It’s easy. Best of all, it’s largely anonymous and hard to trace.

Transcript

NOEL KING, HOST:

The world’s largest meat producer, JBS, says it paid $11 million in bitcoin as ransom to cybercriminals. The company says it made that payment to prevent more disruptions after its plants in North America and Australia were shut down. Hackers typically demand payment in cybercurrency because it is very hard to trace. Here’s NPR’s Greg Myre.

GREG MYRE, BYLINE: The problem has long plagued bank robbers and drug smugglers – how to transport and hide large sums of ill-gotten gains without getting caught. At last, ransomware hackers have found an almost perfect solution – cryptocurrencies.

YONATAN STRIEM-AMIT: You now have a possibility to move millions of dollars’ worth of cryptocurrency across nationalities in seconds.

MYRE: Yonatan Striem-Amit is a co-founder of Cybereason. It’s a Boston-based company that offers protection from hackers.

YONATAN STRIEM-AMIT: It really is a very powerful tool in the hands of criminals to perform money laundering, to shift currency from one state to another in a way that’s, in a sense, untraceable and definitely uncontrollable.

MYRE: Until recently, many cybercrimes involved the small-scale theft of individual credit cards or bank accounts. Hitesh Sheth runs the cybersecurity company Vectra in Northern California.

HITESH SHETH: If we were talking like this two years ago, we would not be talking about Bitcoin as being the dominant form of paying off the ransom.

MYRE: But Bitcoin and other cryptocurrencies made it possible to extort huge ransoms from large companies, hospitals and city governments. And if the thieves live in countries like Russia, which many do, there’s virtually no chance of getting caught. Ironically, cryptocurrency exchanges take place on what are called public ledgers. This means anybody can watch online, but the parties in a transaction are anonymous, disguised with a random number. Yonatan Striem-Amit explains.

YONATAN STRIEM-AMIT: You see exactly all the way the money moves from one address, one wallet to another. However, there is no way for us to associate a person with these wallets. And a lot of people would have not just one address, one wallet, but can have dozens, hundreds.

MYRE: So hackers can keep moving the currency from one anonymous account to another. This makes it very difficult, though not impossible, to trace. Consider the case of Colonial Pipeline. The FBI did recover more than half of the $4.4 million in ransom the company paid to the hackers, believed to be based in Russia. This was a big breakthrough, but it’s unlikely to become the norm. The FBI says it worked its way through a maze of more than 20 cryptocurrency accounts to find the hackers. Private companies are realizing they need to focus more on the threat of ransomware. Again, Hitesh Sheth.

SHETH: Cybersecurity, the last couple years, has become a hot topic. But, you know, it’s not just cybersecurity as like, hey, how do I stop attacks? It’s really gotten down to, what is our ransomware strategy? Right? It’s gotten very specific.

MYRE: The ransom demands and the payments have skyrocketed. Oren Wortman is with the insurance company Beecher Carlson.

OREN WORTMAN: We have now seen with our clients ransoms paid in excess of $10 million with demands as high as 40, 50 and $60 million.

MYRE: Some insurance companies are no longer covering ransomware.

WORTMAN: There are insurers out there who are blanketly not writing any new business. There are insurers who are dropping business.

MYRE: With all this going on, the Biden administration is starting to talk about regulating cryptocurrencies. But so far, it’s just talk.

Greg Myre, NPR News, Washington.

(SOUNDBITE OF SUBLAB AND AZALEH’S “VIDURA”)

KING: And just a quick note – Cybereason, one of the companies in Greg’s story, is an NPR sponsor.

(SOUNDBITE OF SUBLAB AND AZALEH’S “VIDURA”)

Transcript provided by NPR, Copyright NPR.