Bitcoin Ransomware Attacks 101

By Steven Gleiser
Published May 15, 2017 and Updated Mar 3rd, 2022
Recent bitcoin ransomware attacks thrust the cryptocurrency into the limelight for all the wrong reasons yet again. Hackers launched an attack on institutions in 100 different countries, with the British National Health Service and Spain’s Telefónica among the most high-profile victims. The hackers gained access to the computers of various institutions and encrypted the files on them. They then demanded a ransom, payable in bitcoin, to decrypt the files and return access to their lawful owners.

Why do Hackers use Bitcoin to Conduct Ransomware Attacks?

The extent to which bitcoin and other cryptocurrencies are involved in these attacks is a matter of practicality. It is easy to make all kinds of transactions with bitcoin. Bitcoin payments are relatively quick, they cannot be taken back, and, through a series of additional tools, they can be almost impossible to trace back to the hackers. This doesn’t mean that bitcoin is the cause of the attacks; bitcoin arguably just makes it easier for hackers to collect their ransom.

Poking Fun At Bitcoin Ransomware Attacks
This popular image pokes fun at cyberattacks and the tools we have to fight them, but would the tactic work for bitcoin ransomware attacks? Source: https://imgur.com/fHhkdxX

Lessons from Bitcoin Ransomware Attacks

Therefore, potential victims must do everything in their power to prevent these bitcoin ransomware attacks, instead of attacking bitcoin’s reputation as an enabler. On one hand, hackers can launch ransomware attacks without relying on bitcoin. On the other hand, hackers merely look for the weakest target to launch any kind of attack. This means that people should learn 2 main lessons from the latest bitcoin ransomware attacks:

  1. The most important lesson is they must protect themselves and their systems from hackers.
  2. The other lesson is that hackers would carry out an attack whether bitcoin existed or not.

How to Prevent Bitcoin Ransomware Attacks

Focusing on the first lesson is therefore the key to preventing future bitcoin ransomware attacks. There are basic steps that anyone can follow to prevent these attacks. Apart from operating system upgrades, anti-virus software and all the tools in the cyber-security suite, bitcoin itself teaches us a lot, conceptually, about preventing these attacks, especially when it comes to questioning what we trust:

  • Hackers generally take advantage of people’s trust.
  • They can figure out through ‘social engineering’ where the weakest link in the system (organization) is, and they attack that person, often gaining access to one of their accounts – email or social media.
  • These hackers then proceed to send the type of malware that will allow them to ‘kidnap’ the files and ask for ransom, from accounts that other users trust.

Bitcoin teaches us important lessons about managing trust in an environment in which we rely on third parties:

  • Anti-virus software doesn’t always succeed in scanning those email or social media links to stop the attack, so why place all your trust in them?
  • People don’t always choose strong passwords, so why assume that everything we receive from our contacts was actually sent by them?
  • We voluntarily give up a lot of personal information that allows hackers to engage in social engineering, and we trust that information is safe on a server that a trusted third party secures. Why do we assume this?

Bitcoin Logic Against Ransomware Attacks

Passwords on a third-party server do not necessarily protect our information. The very nature of bitcoin’s blockchain also shows that information can be traced and it can be picked up by anyone out there. The blockchain just makes this abundantly clear instead of giving its users a false sense of security. The result is a trust-less system in which we all know that if we do not want anyone to have access to our information, we just don’t put it out there. If we want to keep our information away from hackers – private bitcoin keys are a splendid example – we must keep it offline and/or encrypted. This “bitcoin logic” is what will help people understand how to protect themselves from bitcoin ransomware attacks, at least at an individual level.

Blockchain Can be Traced and Anyone Has Access to it

At this point, many of you are asking yourselves how bitcoin ransomware attacks can succeed if anyone can trace those transactions on the blockchain. Is “bitcoin logic” so feeble that it is self-defeating? The answer to that question is yes and no at the same time. We must keep in mind that average internet/computer users are not necessarily proficient in the wide variety of tools that hackers use. Therefore, they do not necessarily understand that hackers use tools to muddle their transactions.

This means that the bitcoin transaction to free those files from ransomware is traceable within bitcoin’s public blockchain. The challenge is to connect those coins to a specific IP address and locate the attackers, because hackers use VPNs and other tools to build a buffer between their public addresses and their location. They might also exchange their bitcoin for zero-knowledge coins such as Monero or Zcash, before they switch to bitcoin again and cash out of the system. This makes it even harder to catch them.
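To make the traceability point concrete, here is an added example (not part of the original article) of how an investigator can follow ransom payments forward through a public ledger. The ledger, addresses and amounts are constructed, and the rule "every output of a transaction that spends traced coins is also traced" is a simplifying assumption.

```python
from collections import deque

# Constructed sample ledger, not real transactions. Inputs reference earlier
# outputs as (txid, output_index); outputs are (address, amount_in_satoshi).
LEDGER = {
    "tx1": {"inputs": [("cb0", 0)],
            "outputs": [("RANSOM_ADDR", 30_000_000), ("victimA_change", 5_000_000)]},
    "tx2": {"inputs": [("cb1", 0)], "outputs": [("RANSOM_ADDR", 30_000_000)]},
    "tx3": {"inputs": [("tx1", 0), ("tx2", 0)], "outputs": [("hop1", 59_990_000)]},
    "tx4": {"inputs": [("tx3", 0)],
            "outputs": [("hop2", 20_000_000), ("EXCHANGE_DEPOSIT", 39_980_000)]},
    "tx5": {"inputs": [("cb2", 0)], "outputs": [("unrelated", 1_000_000)]},
}

def total_received(ledger, address):
    """Sum of every output ever paid to `address`."""
    return sum(amt for tx in ledger.values()
               for addr, amt in tx["outputs"] if addr == address)

def trace_forward(ledger, address):
    """Follow coins paid to `address`. Returns (reached, ends): reached maps
    each downstream address to its hop count; ends lists the addresses that
    hold unspent traced coins, i.e. where the on-chain trail currently stops."""
    spent_by = {op: txid for txid, tx in ledger.items() for op in tx["inputs"]}
    queue = deque((txid, i, 0) for txid, tx in ledger.items()
                  for i, (addr, _) in enumerate(tx["outputs"]) if addr == address)
    seen, reached, ends = set(), {}, set()
    while queue:
        txid, idx, hops = queue.popleft()
        if (txid, idx) in seen:
            continue
        seen.add((txid, idx))
        spender = spent_by.get((txid, idx))
        if spender is None:  # unspent output: the trail ends here for now
            ends.add(ledger[txid]["outputs"][idx][0])
            continue
        for i, (addr, _) in enumerate(ledger[spender]["outputs"]):
            reached.setdefault(addr, hops + 1)
            queue.append((spender, i, hops + 1))
    return reached, sorted(ends)

if __name__ == "__main__":
    print(total_received(LEDGER, "RANSOM_ADDR"))
    print(trace_forward(LEDGER, "RANSOM_ADDR"))
```

The ledger holds only addresses and amounts, so the trace ends at an address, never at a person or an IP address; linking the two needs information from outside the chain.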

Bitcoin is Not the Problem

This brings us back to square one: the only real tool we all have to protect ourselves from these attacks is prevention. Apart from “bitcoin logic”, there are other layers of protection that we must resort to in order to make it more difficult for the hackers to attack us, but explaining how those layers work and what they are belongs to other blogs. Our point here is that bitcoin and other cryptocurrencies cannot be logically blamed for bitcoin ransomware attacks. It is up to individuals and institutions to limit their exposure to these attacks and to learn the appropriate lessons from the advent of blockchain technology to do this.