The Criminal’s Cloak: Bitcoin’s New Role in Ransomware


There’s a tradition in policing, popularized by All The President’s Men – to expose criminal activity, you follow the money. After all, it’s money that motivates the vast majority of crime, particularly when it comes to online fraud and ransomware.

So you trace the trail left by the money and it leads you direct to the criminal’s door.

But there’s a problem– and, unfortunately, it’s a problem of our own creation.

That problem is Bitcoin.

How the Italian Public Sector Paid the Price for Bitcoin

Earlier this year, several council offices across Italy were targeted by attackers using ransomware.

Ransomware is the online equivalent of extortion. Once the trojan is installed, often through seemingly innocent email attachments, files are locked away behind a splash screen or through encryption.

From there, attackers demand a ransom with the promise that, once this has been paid, files will be decrypted.

When offices in the Italian public sector found themselves unable to pay bills, process documents and issue certificates, everything ground to a halt. Their operations depended on their data.

It’s little surprise, then, that officials rushed to pay the requested fees. In this instance, those fees were the equivalent of 400 Euros, with the threat of the fee doubling if left unpaid.

But the attackers didn’t request Euros. They didn’t request dollars.

They requested Bitcoin.

A Currency for Crime

A decentralized currency with no involvement from banks or governments, Bitcoin is renowned for its private nature. Funds are moved directly from one Bitcoin wallet to another, without the need to expose personal data like names or contact addresses.

By design, it’s remarkably secure. Each wallet consists of a public-private pair of authentication keys and, to make a payment, only the public key needs to be given.

But while that privacy and security is a huge benefit for most of us, it’s an advantage to criminals too.

Thanks to Bitcoin, the attackers who targeted the Italian public sector could receive funds with complete anonymity. No money to follow. No way to track them down.

In fact, the attackers were so confident that they offered support to officials that didn’t know how to use Bitcoin. They went beyond the attack to offer lines of communication – because their attack vector and currency choice gave them complete security.

Bitcoin: It’s Not Bad!

Of course, Bitcoin isn’t just the preserve of criminals looking for an untraceable way to transfer money. In fact, it seems to reflect the future of money for us all.

Bitcoin established a precedent for decentralized currency and, while much of Bitcoin’s growth is the result of market speculators, there can be no denying that the currency has caught on with legitimate users, too. Lower fees, complete control, and strong security – what’s not to like?

Today, several alternate currencies are growing in popularity, including Litecoin, Peercoin and Namecoin. Even JPMorgan Chase has filed a patent for its own digital currency solution.

Even if the Bitcoin bubble bursts, this type of peer-to-peer money transfer is here to stay.

Give and Take

The internet honeymoon period is over. The novelty has worn thin and, today, the world wide web is a way of life.

With that in mind, many of us are wondering how we can live a digital life – one where all our data flows back and forth across the internet – without compromising on security and privacy. In fact, ExpressVPN even offer Bitcoin as a payment method now.

Solutions come and go. Security gets better, more robust, and easier to use.

But the risk is this: as we continue to seek privacy, we could be handing it to the people we’d rather keep exposed.