Posted on

Cyberattack Culprits Demand Ransom Be Paid In Bitcoins

If you were a victim of this global cyberattack that hit over 150 countries the last few days, you would have seen a message pop up on your computer. It demanded you pay hundreds of dollars to access your files. To pay, you had to use bitcoin. You wonder what that is? You’re not alone.

(SOUNDBITE OF TV SHOW, “THE COLBERT REPORT”)

STEPHEN COLBERT: Now, if you don’t know what bitcoin is, want to buy some bitcoin?

RACHEL MARTIN, HOST:

That was Stephen Colbert back in 2013 when bitcoin, an anonymous form of online currency, was just becoming popular. Many people didn’t really understand what it was, and four years later, many people still don’t.

SEAN SULLIVAN: I’m a computer nerd, and I think bitcoin is still kind of confusing, so that is actually the most difficult part for most people.

GREENE: That computer nerd is Sean Sullivan with the Helsinki-based cybersecurity firm F-Secure. Hackers use bitcoin because it is anonymous and cannot be traced easily, but actually paying ransom in bitcoin can be daunting.

You have to set up a virtual wallet. Then you have to link it to your bank account or your credit card. And then you have to find somewhere to actually buy bitcoin.

MARTIN: So, of course, hackers want their money, so they want to make this easier. They’re actually offering customer support. They send you links to bitcoin tutorials. They even have chat rooms where a member of the hacking group can help you out.

Sullivan’s company wanted to test just how good the customer service was, so they had someone who’s not a computer expert download five viruses and then ask the hackers for help paying ransom.

SULLIVAN: We got very personalized support via email to very – somewhat personal via forms, to some ignored us completely. We could figure it out. We could figure it out. If we didn’t, they didn’t care.

GREENE: And the hackers were very understanding. Apparently, they would be willing to extend the ransom deadline. And Sullivan says that when the customer service was good, I mean, it was really good.

SULLIVAN: There’s even been some anecdotal cases of ransomers actually remote controlling the victim’s computers in order to help them run the decryption tool because the victim’s having trouble running the tool.

GREENE: Some of the hackers were even willing to engage in bitcoin bargaining to lower the ransom.

MARTIN: Yeah, so pretty sure my cable company could take some pointers from these guys.

Posted on

Why the massive cyberattack won’t make the hackers rich

The WannaCry cyberattack that’s making headlines this week has squeezed around $80,000 from its victims so far, barely enough to put down a deposit on an apartment in cheaper parts of London. But it’s seized the attention of powerful governments around the globe.

What’s more, the hackers’ decision to use the digital currency bitcoin to collect the ransom money is likely to make it tough for them to withdraw their ill-gotten gains without being caught.

The malware instructed victims to pay $300 in bitcoin in order to regain control of the data it had seized, threatening to increase the sum demanded every three days.

Related: Researchers find possible North Korea link to massive cyberattack

Following the money

At first glance, using bitcoin to gather the money could make sense: cybercriminals can set up accounts in the virtual currency anonymously. But anyone can see the accounts online and also view a record of transactions.

That makes spending the bitcoins or cashing out of them into another currency without getting caught a tricky task, especially when you’ve already attracted widespread global attention.

“I have the feeling we will soon see … how difficult it is to launder [bitcoin],” Facebook Chief Security Officer Alex Stamos tweeted over the weekend, suggesting law enforcement and intelligence agencies could cooperate in tracking what happens to the money.

Related: Police warn: If you’re hit by cyberattack, don’t pay the ransom

They may have their work cut out: the global bitcoin market sees roughly 250,000 transactions a day. And criminals can use murky online markets to try to cover their tracks, said Leonhard Weese, who advises startups on cryptocurrencies like bitcoin.

The WannaCry hackers are likely to have plenty of cyber sleuths on their trail, though. U.K. startup Elliptic has made a business out of helping law enforcement agencies trace shady money through the bitcoin realm to track down people or groups in the real world.

Elliptic is already monitoring the funds in the three bitcoin accounts linked to the WannaCry cyberattack.

Cyberattack WannaCry possibly linked to North Korea code

Puzzling decisions

Other decisions by the hackers also look puzzling, especially if their goal was to profit from the attack.

Asking computer owners who use outdated versions of Microsoft Windows to pay a ransom in an obscure digital currency is an optimistic request at best — and it’s one of the likely reasons why the amount paid is so low compared with the number of victims.

“One or two people I know have joked to me that even if they did get hit, they wouldn’t know how to get a bitcoin to pay them with,” said Michael Gazeley, managing director of Hong Kong-based cybersecurity provider Network Box.

These are the victims of a ransomware cyberattack

Police have told victims not to pay the WannaCry ransom, warning that handing over the money doesn’t guarantee that they’ll get everything back.

There have been more sophisticated and successful instances of cybertheft in the past. Cryptowall, a similar type of malware that spread through businesses around the world in 2015, is estimated to have made its creators $325 million.

Was it a political move?

All of this begs the question: Was WannaCry really about the money?

Patrick Coughlin, COO of cybersecurity firm TruSTAR, asked in a blog post Tuesday whether the hackers cared about financial returns at all or were motivated instead by a political agenda.

“The answer is probably somewhere in the murky middle,” he wrote.

“No matter what you think about the motives behind this particular attack — there will be more to come,” Coughlin warned. “And the next wave will learn from the impact we’ve seen (and not seen) here.”