ransomware and the bitcoin money trail
TRANSCRIPT
Since its debut in 2009, Bitcoin has been a boon to civil libertarians and cyber criminals alike. Payments can’t be traced back to sender or recipient. That makes Bitcoin an anonymous, friction-free way to transact private commerce.
This flipbook explains why the cryptocurrency has been so popular with ransomware, an old attack that has come roaring back to life in
recent months.
How Bitcoin and other cryptocurrencies workThink of this form of currency as equivalent to
a virtual casino chip.
These “coins” have no intrinsic value in the
real world.
Like a casino chip, though, users can purchase
the tokens with real world, local currency, and
use them within the establishment – in this case
the internet – and trade them in for real currency
upon exiting.
Bitcoin’s appealBitcoin is globally available and highly liquid
• It converts directly into local currency
• If offers low transaction fees
• It’s faster than checks, wire transfers, and,
in some cases, credit cards
Unlike government-backed currency,
cryptocurrencies are not considered money
• Bitcoins are lightly regulated
• Transmission methods and the “tumbler”
system are not considered laundering –
even thought they are essentially the same
concept
• The upshot: transactions are hard to trace
Why it’s so popular in ransomwareIn traditional kidnapping for ransom, the
biggest challenge has always been collecting
and getting away with the ransom itself.
Earlier forms of ransomware might have
required a pre-purchased debit card. While
this approach can bypass banks’ anti-fraud
measures, it’s cumbersome on both sides of
the transaction.
Bitcoin solves the problem with a fast,
untraceable payment system that makes
ransoms much easier to pay—and for cyber
criminals, much safer to collect.
Anatomy of a ransomware paymentHere’s how a typical ransomware payment works:
1. Cyber criminals infect the victim with
ransomware, which demands a ransom to be
paid in Bitcoin.
2. The victim purchases number of bitcoins
demanded from one of countless legitimate
Bitcoin exchanges.
3. The victim transfers the bitcoins from his or
her Bitcoin wallet to an anonymous Bitcoin
address
4. The coins enter a “tumbler.” This electronic
service mixes bitcoins in with others, making
them untraceable.
5. The coins transfer to the attacker. Much like
real world laundering, the attacker ends up
with an untraceable payment.
Following the moneyBy demanding payment in Bitcoin, cyber
criminals get anonymity that makes collecting
ransoms far easier than before.
It’s no wonder that all major variants of
ransomware require payment in Bitcoin.
PROTECT YOURSELF FROM RANSOMWARE
Download the Ransomware Survival Guide to learn what to do before, during and after a ransomware attack.
ABOUT PROOFPOINT
Proofpoint, Inc. (NASDAQ:PFPT), a next-generation cybersecurity company, enables organizations to protect the way their people work today from advanced threats and compliance risks. Proofpoint helps
cybersecurity professionals protect their users from the advanced attacks that target them (via email, mobile apps, and social media), protect the critical information people create, and equip their teams
with the right intelligence and tools to respond quickly when things go wrong. Leading organizations of all sizes, including over 50 percent of the Fortune 100, rely on Proofpoint solutions, which are built for
today’s mobile and social-enabled IT environments and leverage both the power of the cloud and a big-data-driven analytics platform to combat modern advanced threats.
proofpoint.com
©Proofpoint, Inc. Proofpoint is a trademark of Proofpoint, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners.