The hacker group REvil, which launched a cyberattack that has blocked the work of thousands of companies around the world, has agreed to lower its ransom demand. Instead of the initial $70 million for restoring access to the affected computer systems, the attackers are now ready to accept $50 million, they said on Tuesday, July 6.
REvil demands payment of the ransom in bitcoins. According to cryptocurrency broker Joseph Edwards of Enigma Securities, the desire to get such a large amount of bitcoins is unusual: “It sounds more like a publicity stunt.”
Bitcoins made hacker extortion popular
Usually blackmailers extort relatively small sums – from $100,000 to $2 million, Edwards said in an interview. “Firms are often willing to pay such sums quickly to avoid negative media coverage and prolonged downtime,” he explains.
Criminals try to avoid provoking the intervention of law enforcement agencies, because if investigators find a lead, then increasingly often “criminals can be tracked down, they lose money and avoid imprisonment just because they are outside the jurisdiction of the United States – for example, in Russia or China,” says the expert.
However, Bitcoin made such blackmail by hackers more widespread, says Mikko Hyppönen, head of research at the Finnish cybersecurity company F-Secure: “It started in 2013. Attackers then thought that Bitcoin was anonymous and the transactions could not be traced. But later they realized that it was not as elusive as they thought.”
The think tank Chainalysis studies the movement of cryptocurrencies. One of its studies focuses on cases of extortion that have become public knowledge, and in this area the share of cryptocurrencies is growing. Most often, blackmailers demand bitcoins, but another cryptocurrency, Monero, is also popular, says the head of Chainalysis, Duncan Hoffman, in an interview. “There are probably many other cases that we do not know about, when organizations pay ransom without much hype,” he is convinced.
When bitcoins stop being anonymous
The advantage of bitcoins is obvious – it is the most popular cryptocurrency. “This makes it easier for victims of extortion to meet the demands,” says Thomas Faber of the Frankfurt School of Finance and Management. To trade bitcoins, you need an electronic wallet. This wallet has its own address, which is permanently recorded and visible to everyone with each transaction. “Everyone can see the data on the account and all the transactions that went through it,” explains Faber.
You can hide who is behind this or that electronic wallet, but “nevertheless, someday bitcoins must be exchanged for real money, otherwise they are useless in most cases.” Here, as a rule, it is already impossible to do without identity confirmation, so bitcoin cannot be called anonymous, the expert says.
It is at the moment of exchanging cryptocurrency for money that investigators have a good chance, emphasizes Joseph Edwards of Enigma Securities: “Almost all exchanges have high requirements for verification of identity for all transactions.”
Chainalysis estimates that up to 80 percent of the funds received by ransomware operators in bitcoins are exchanged on just five exchanges. This means that most exchanges follow all the rules. “On the other hand, it also shows that several platforms are turning a blind eye to security requirements or simply not tracking transactions,” says Duncan Hoffman.
Even the darknet and bitcoin mixers won’t help cybercriminals?
Another way to cash out bitcoins is through so-called decentralized exchanges, that is, those where the exchange takes place directly between two persons. In addition, blackmailers can spend the received cryptocurrency to buy goods and services on the darknet, says Thomas Faber of the Frankfurt School of Finance and Management. But in both cases, these are still bitcoins whose link to the ransom payment can be established. There are also ways to further cover one's tracks, with the help of so-called bitcoin mixers. Such services collect bitcoins from different users into a single account and then distribute them back in random order.
Bitcoins are not a guarantee of successful blackmail
However, according to Joseph Edwards, tools for tracing the origin of cryptocurrencies are improving: “If the ransom is large enough and law enforcement agencies are attentive, then it is not so difficult to get on the trail of criminals.”
The hacker group Darkside, which presumably operates from Russia, learned from its own experience that bitcoins are not a guarantee of successful blackmail. The hackers requested more than $4 million in bitcoins to unlock the computer systems of the American company Colonial Pipeline. However, the Federal Bureau of Investigation (FBI) traced the cryptocurrency to 23 wallets and was able to recover about half of the funds.
However, shortly thereafter, the same group, together with REvil, received a ransom of $11 million from another firm – JBS. In this case, it has still not been possible to establish where the cryptocurrency went.