Bitcoin Is Fueling the Ransomware Epidemic

By M. Scott Koller
October 02, 2017

Year after year, security experts have raised the alarm regarding the threat of ransomware, and yet it continues to be the leading cause of security breaches. At BakerHostetler, our incident response team continues to see organizations of all sizes and in every industry fall victim to this threat. But what has been fueling the rapid growth and spread of ransomware?

At its core, ransomware is a type of malware. Similar to the viruses and worms that have plagued the computer industry for decades, its defining characteristic is the ransom demanded to restore access to infected systems or data. Money is a powerful motivator, but it alone wasn't enough to fuel the ransomware epidemic. After all, the first documented ransomware infection was in 1989, but it remained relatively unknown until its resurgence over the past five years. So what changed? In short, bitcoin.

The Rise of Bitcoin

In the past, getting paid was a major obstacle to the growth of ransomware. Checks can be stopped, wire transfers can be reversed and credit-card purchases can be charged back to the seller. Not to mention that each of these payment methods could potentially be traced back to the criminal. That is not to say that it was impossible for criminals to get paid, but significant overhead and risks were associated with the various payment methods. Bitcoin solved that problem.

In 2008, Satoshi Nakamoto published a white paper outlining the foundation of what would eventually become bitcoin. Utilizing cryptography to control the creation and management of the currency, bitcoin is a type of digital cash. More important, bitcoin operates without a central governing body. In other words, there isn't a central bank or regulator available to reverse or stop fraudulent payments. Once made, bitcoin payments are typically irreversible, the digital equivalent of handing someone cash, only transferred electronically instead of in person.

Digital currencies are nice in theory, but unless they can be exchanged for something valuable in the real world, they are not very useful. Bitcoin solved this problem as well. Bitcoin is the first cryptocurrency to gain widespread acceptance. While it did get a significant boost when it was selected as the currency of choice by the now-defunct Silk Road drug marketplace, bitcoin can be used at thousands of legitimate businesses and currently has a market capitalization in the billions of dollars.

The Payment of Choice for Hackers

With the development of bitcoin, ransomware developers now had a reliable method of benefiting from their activities and an avenue for laundering the profits. Bitcoin was the missing piece and the catalyst for the rise of ransomware. Consider the gradual decline in other ways hackers could monetize their activities in this same time frame.

Before ransomware, the theft and sale of payment-card information was the primary revenue stream for criminal hackers. Only a small number of companies process or store credit-card information, and those that do allocate significant resources to the protection of that information. With the adoption of the Payment Card Industry Data Security Standard, a successful theft of credit-card information required skills and resources typically reserved for the most skilled hackers or criminal organizations. Contrast this situation with the typical ransomware situation. Anyone with data (or a computer), not just those with credit-card information, is potentially a target. This exponentially increases the number of targets, many of which have not allocated resources to information security.

In many cases, this oversight is understandable. After all, your wedding or vacation photos are extremely valuable to you, but because they are not valuable to others, you are unlikely to dedicate significant resources to protecting them. Those running ransomware exploit that mentality because it makes for easy targets. Add the fact that ransomware requires very little technical skill to deploy, and the reasoning behind the rise of ransomware becomes clear.

Best Practices

Ransomware is here to stay. Just as we have seen with other computer viruses and spam email, ransomware is an unfortunate byproduct of using the Internet. The best defense against ransomware is a combination of security awareness training, technical safeguards and proactive security measures:

  • Ensure all systems have anti-virus software installed that is configured to automatically update and perform regular scans. But do not rely on anti-virus software alone. New variants are constantly being developed and specifically designed to avoid detection.
  • Most ransomware requires some interaction by the user. Therefore, consider security awareness training on ransomware and the types of phishing email used to propagate it.
  • Back up data on a regular basis, and verify the integrity of those backups. Given the strength of the encryption used in ransomware, backups will likely be your only recourse for restoring data if you do not pay the ransom. Remember to segregate your backups from the primary network to prevent the ransomware from encrypting that data as well.
  • Utilize group policy or other access controls to limit write-access to files, directories and network shares that are not specifically required for the user's job function. Ransomware inherits the user permissions for the individual who activated it. By limiting a user's access, you limit the ransomware's ability to spread should an infection occur.
  • Consider using application whitelisting and limiting user ability to run applications and/or install programs.
  • Conduct a mock exercise involving ransomware to test your incident response plan and gauge the speed and effectiveness of your ability to restore data.

Conclusion

Remember, ransomware is a threat not only to your network but also to those you may connect to or rely upon. Consider how a ransomware infection involving a critical vendor or service provider could impact your operations. As long as there is a financial incentive, criminal elements will continue to develop, improve and distribute ransomware. But with proper planning and preparation, you can reduce the likelihood of a ransomware infection and minimize the impact on your business operations.

*****
M. Scott Koller is a member of BakerHostetler's Privacy and Data Protection Team in Los Angeles. He advises clients regarding data security and privacy risks, including compliance, developing breach response strategies, defense of regulatory actions, and defense of class action litigation. Koller holds a number of technical certifications, including Certified Information Systems Security Professional, Certified Computer Forensic Examiner, and Certified Information and Privacy Professional through the International Association of Privacy Professionals. The views expressed in this article are those of the author and not necessarily those of BakerHostetler or its clients.
