The problem has long haunted bank robbers and drug traffickers: How do you transport and hide huge sums of ill-gotten goods without getting caught?
Over the past few years, ransomware hackers have found an almost perfect solution: cryptocurrencies like Bitcoin. It's quick. It's easy. Best of all, it is pseudonymous and difficult to trace back to a person.
In the latest example, the world's largest meat processor, JBS, announced Wednesday night that it recently paid $11 million in Bitcoin after a cyberattack forced its plants to close in the United States, Canada and Australia. The FBI blamed the attack on a Russian criminal gang.
"You now have the ability to move millions of dollars of cryptocurrency across national borders in seconds," said Yonatan Striem-Amit, co-founder of Cybereason, a Boston-based company that offers protection against hackers.
“It really is a very powerful tool in the hands of criminals to launder money, to transfer currency from one state to another in a way that is in a way untraceable and definitely out of control.”
Until recently, many cybercrimes involved the small-scale theft of credit cards or individual bank accounts.
“If we were talking about two years ago, we wouldn’t be talking about Bitcoin as the dominant form of ransom payment,” said Hitesh Sheth, president of cybersecurity firm Vectra in San Jose, California.
Big payouts, little risk
Bitcoin and other cryptocurrencies have made it possible to extort huge ransoms from large corporations, hospitals and city governments. And if cyber thieves live in countries like Russia – which many do – there’s virtually no chance of getting caught.
Ironically, cryptocurrency transactions are recorded on what are called "public ledgers".
This means that anyone can observe them online. But the parties to a transaction are not named: each is identified only by an address, a string of characters that looks like a random number and is tied to no real-world identity.
“You see exactly how money moves from one address and wallet to another,” Cybereason’s Striem-Amit said. “However, there is no way for us to associate a person with these wallets. And a lot of people not only have an address, a wallet, but have dozens, hundreds of them.”
Thus, hackers can keep moving currency from one pseudonymous address to another, splitting and recombining it along the way. This makes it very difficult, but not impossible, to trace.
Take the case of Colonial Pipeline, which was hacked last month, shutting down gasoline supplies in the eastern United States for almost a week.
The Justice Department said this week that the FBI recovered more than half of the $4.4 million in ransom Colonial paid to the hackers, known as DarkSide and believed to be based in Russia.
This case marked a big step forward. The Justice Department said this was the first time that a ransomware task force had been able to recover some of the money.
Still, it’s unlikely to become the norm anytime soon. The FBI invested resources in the Colonial case because it was a high-profile attack that shut down a critical pipeline to the nation’s economy.
The FBI will not be able to devote as many resources to each ransomware attack. And the cases are difficult to resolve.
According to court documents, the FBI worked its way through a chain of more than 20 cryptocurrency addresses to find the hackers' funds. Once it located the account, the bureau sought an order from a federal court to seize the money.
But then comes the real mystery. Even after the FBI located the account and obtained the court order, the bureau still needed the private key that controls that address in order to move the Bitcoin out of it.
The FBI did not say how it did this, which has sparked widespread speculation and a range of possible scenarios in the cybersecurity community.
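The two points made above, that every hop is visible on the public ledger yet no address names a person, and that an investigator follows the coins forward through a chain of addresses until they come to rest somewhere, can be shown on a toy ledger. The following is an added example written for this page; it is not code from the article, from Cybereason, or from any law-enforcement agency, and it does not reproduce the FBI's actual method. The transactions, the address labels A through H, the "poison" tainting rule (any output of a transaction that spends tainted coins is itself tainted) and the `trace_forward` function are all constructed for illustration.

```python
"""Toy public-ledger tracer (added example, constructed data, not real chain data).

Models a UTXO ledger: each transaction spends earlier outputs (by transaction
id and output index) and creates new outputs paid to addresses. A ransom of 75
coins lands at address A, is split, hopped and partly re-consolidated. The
tracer follows the coins forward exactly as anyone watching the ledger could,
and reports where the value is currently sitting unspent.
"""
import hashlib
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Tuple


def address(label: str) -> str:
    """Stand-in for a wallet address: a hash that reveals nothing about its
    owner. The labels exist only so the demo can be read; the ledger itself
    carries only the hash (hypothetical derivation, not Bitcoin's)."""
    return hashlib.sha256(f"demo-address:{label}".encode()).hexdigest()[:20]


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[Tuple[str, int], ...]    # (txid, output index) being spent
    outputs: Tuple[Tuple[str, float], ...]  # (address, amount)


# Constructed ledger. Amounts shrink slightly at each hop to mimic fees.
# "unrelated" shares no ancestry with the ransom and must not be flagged.
LEDGER: List[Tx] = [
    Tx("ransom", (), ((address("A"), 75.0),)),
    Tx("hop1", (("ransom", 0),), ((address("B"), 50.0), (address("C"), 24.9))),
    Tx("hop2", (("hop1", 0),), ((address("D"), 30.0), (address("E"), 19.9))),
    Tx("hop3", (("hop1", 1),), ((address("F"), 24.8),)),
    Tx("merge", (("hop2", 0), ("hop3", 0)), ((address("G"), 54.7),)),
    Tx("unrelated", (), ((address("H"), 5.0),)),
]


def trace_forward(ledger: List[Tx], start_address: str):
    """Follow coins forward from start_address across the ledger.

    Uses "poison" tainting: every output of a transaction that spends a
    tainted output is itself tainted (a deliberate simplification; real
    analysts also weigh amounts and timing). Returns (hops, resting): hops
    maps each tainted address to the fewest transactions between it and the
    start; resting maps addresses to tainted value that is still unspent,
    i.e. the places a seizure order would have to target.
    """
    by_id: Dict[str, Tx] = {tx.txid: tx for tx in ledger}
    spenders = defaultdict(list)          # outpoint -> txids that spend it
    for tx in ledger:
        for outpoint in tx.inputs:
            spenders[outpoint].append(tx.txid)

    # Seed the search with every output ever paid to the start address.
    queue = deque(((tx.txid, i), 0)
                  for tx in ledger
                  for i, (addr, _) in enumerate(tx.outputs)
                  if addr == start_address)

    hops: Dict[str, int] = {}
    resting = defaultdict(float)
    seen = set()
    while queue:                          # BFS, so first visit is shortest path
        outpoint, depth = queue.popleft()
        if outpoint in seen:
            continue
        seen.add(outpoint)
        txid, idx = outpoint
        addr, amount = by_id[txid].outputs[idx]
        hops[addr] = min(hops.get(addr, depth), depth)
        if outpoint not in spenders:      # unspent: the coins sit here now
            resting[addr] += amount
            continue
        for child in spenders[outpoint]:  # taint every output of the spender
            for j in range(len(by_id[child].outputs)):
                queue.append(((child, j), depth + 1))
    return hops, dict(resting)


if __name__ == "__main__":
    labels = {address(l): l for l in "ABCDEFGH"}
    hops, resting = trace_forward(LEDGER, address("A"))
    for addr, depth in sorted(hops.items(), key=lambda kv: kv[1]):
        print(f"hop {depth}: {addr}  (demo label {labels[addr]})")
    print("value still unspent:", {labels[a]: v for a, v in resting.items()})
```

Running it prints the seven tainted addresses in hop order and shows the coins resting at the addresses labelled E and G, which together hold 74.6 of the original 75. What the ledger cannot supply is the second half of the story: knowing where the coins sit does not let anyone spend them, because only the holder of each address's private key can sign a transaction moving them.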
The FBI discourages ransom payments and some companies refuse to pay. But the decision is up to the business or institution that has been affected, and many believe it is better to pay and resume operations rather than risk a prolonged shutdown.
Meanwhile, private companies are realizing that they need to focus more on the threat of ransomware.
"For boards of directors of large companies, cybersecurity has become a hot topic in recent years," said Hitesh Sheth of Vectra. "It's not just cybersecurity, like, 'Hey, how do I stop the attacks?' It's really about 'What's our ransomware strategy?' It has become very precise."
Ransom demands and payments have exploded.
"We have now seen, with our customers, paid ransoms exceeding $10 million, with demands of up to $40, $50 and $60 million," said Oren Wortman, who handles cyber issues for the insurance firm Beecher Carlson.
Some insurance companies no longer cover ransomware or impose a series of restrictions, he added.
"There are insurers who don't write new business," he noted. "There are insurers who are abandoning their activities. And there are insurers who completely exclude health, the public sector and higher education," all of which are frequent targets.
Amid all of these developments, the Biden administration and some members of Congress are starting to talk about regulating cryptocurrencies. But so far it is just talk.
Greg Myre is a national security correspondent for NPR. Follow him at @gregmyre1.