Beyond Bitcoin for Ransomware
Ransomware is bringing Bitcoin into popular culture and raising awareness about cryptocurrencies. In May, the price of Bitcoin surged to over US$2,800 before retreating. It remains the “go-to” digital currency for ransomware authors due to its relative anonymity, ease of use, and popularity.
As it becomes easier for the public to acquire digital currencies other than Bitcoin, cybercriminals will look to these alternatives for funding malicious activities. In fact, hundreds of cryptocurrencies are now available on public markets. Some of these emerging “altcoins” offer improvements over Bitcoin in features cybercriminals value, such as anonymity and privacy, and are already used in illicit transactions on the dark web. Monero, for example, is gaining popularity on the dark web. Dash and Zcash also focus on techniques to keep financial transactions private and anonymous.
Arguably, the most popular cryptocurrency after Bitcoin is Ethereum. However, unlike Bitcoin, Ethereum is also a platform that allows developers to build applications – called “smart contracts” – that execute as part of a blockchain. Numerous industry efforts make interacting with the Ethereum blockchain easier for developers:
- The Enterprise Ethereum Alliance is a partnership that aims to define enterprise-grade software on a blockchain.
- Microsoft built Blockchain as a Service into Azure’s cloud services.
- Ethereum Name Service (ENS) acts like DNS for the long Ethereum account and smart contract addresses.
- MetaMask connects the familiarity of your internet browser directly to the Ethereum blockchain.
As development platforms for building applications and products on public blockchains evolve, the ability to leverage these for criminal activity will also increase. Cybercriminals will soon start building applications on blockchains, such as Ethereum, to automate the process of payment collection. For example, cybercriminals could build smart contracts into their ransomware packages. Encryption keys could be created and released on infection, and after subsequent payment to the smart contract, the package could ‘self-destruct’ and remove itself from the blockchain.
Any new technology that holds the promise of solving important and legitimate technical problems can also be used to enable illegitimate activity. Understanding what that activity can be, where the potential for misuse is, and how to identify it when it occurs is going to be increasingly important for security professionals, especially as blockchain development becomes more prevalent in enterprise organizations.