Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - Govt Warning As Bitcoin Continues To Fuel Ransomware – F-Secure Labs
News & Analysis

Govt Warning As Bitcoin Continues To Fuel Ransomware – F-Secure Labs

ISBuzz TeamBy ISBuzz TeamApril 25, 2017Updated:July 4, 20244 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

Ransomware likely to continue exponential growth unless governments act, says F-Secure Labs

 Government reluctance to shut down the virtual currency Bitcoin has made the rapid growth of cyber-extortion possible, but that could change if the United States or China shifts law enforcement priorities.

 Buckinghamshire, UK–  The availability of Bitcoin, the open-source virtual currency, has made crypto-ransomware’s business model viable and profitable, feeding an online crime wave that has seen new extortion-enabling malware families at least double each year since 2012. Unless governments disregard previous concerns about shutting down the anonymous funding source, F-Secure Labs warns, this exponential growth is likely to only be limited by the ability of consumers to purchase Bitcoin.

“Bitcoin survived and thrived during the last U.S. presidential administration,” says Sean Sullivan, security advisor at F-Secure. “However, the new administration has indicated that it’s eager to reinvigorate the ‘the drug war’ by even cracking down on the sale of marijuana, which new U.S. Attorney General Jeff Sessions has said is just ‘slightly less awful‘ than heroin. If the U.S. pursues all the forms of potentially illegal payments, ransomware’s growth could be abated. Otherwise, we expect to see the new ransomware families we discovered in 2017 at least double.”

There was one known ransomware family variant in 2012, according to F-Secure’s State of Cyber Security 2017 report. By 2015, there were 35, which exploded to 193 in 2016.

Bitcoin is Ransomware’s only constraint

Chinese companies have made considerable investments into the vast server farms needed to mine the digital currency. The result is that 42 percent of all Bitcoin transactions last year took place in China exchanges, according to an analysis performed for the New York Times*. Sullivan has even noticed that the Shanghai Composite Index, one of the nation’s leading financial indicators, correlates at times with the Bitcoin Price Index.

“While better blockchain provides them with visibility over their markets, officials in China likely have little financial incentive to see the Bitcoin market hindered in any way,” Sullivan says. “The U.S. Government, however, has shown little interest in legitimising the virtual currency as investment.”

The U.S. Securities and Exchange Commission rejected the creation of a Bitcoin exchange-traded fund due to “concerns about the potential for fraudulent or manipulative acts and practices in this market” in March.**

“It’s conceivable that the Trump administration could argue that the anonymity of Bitcoin is enabling both the drug trade and international terrorism, crimes that have been continually used to justify new powers for U.S. law enforcement. Or perhaps U.S. government could even identify ransomware as the growing risk it has become for consumers, the healthcare industry and local governments, along with the burgeoning risks of the cyber-extortion of ‘Internet of Things’ devices.”

A small change that could make a big difference

 U.S. and European officials could make a major dent in the availability of Bitcoin with a relatively simple change. “Bitcoin exchange accounts could be required to be tied to a physical address,” Sullivan says. Currently it takes just minutes – or seconds – to open a Bitcoin account in a third-party market. This requirement would require an activation code that’s mailed to you before an account can be opened.  While this wouldn’t affect criminals who do business out of Russia and China, it would make their attacks far less profitable.

“The exchanges would hate it. But given the hundreds of millions of dollars being extorted every few months, it seems appropriate,” Sullivan says. “Barring this or a similar step, exponential growth of malware families delivering these threats seems to be the only other option.”

But time is of the essence, Sullivan stresses.

“Ethereum is now trading at similar trajectory as Bitcoin,***” he says. “If governments don’t act now to come up with a strategy for dealing with digital currencies, it’s not going to get any easier.”

*Source: https://www.nytimes.com/2016/07/03/business/dealbook/bitcoin-china.html

**Source: https://www.nytimes.com/2017/03/10/business/dealbook/winkelvoss-brothers-bid-to-create-a-bitcoin-etf-is-rejected.html

***Source: https://coinmarketcap.com/currencies/ethereum/

More Information:

Bitcoin Friction Is Ransomware’s Only Constraint – Sullivan’s research into the “customer portal” of a family of cypto-ransomware known as “Spora” reveals that the criminals run their operations like an actual business with regularly scheduled spam runs to lure in new victims. And while the crooks are flexible about deadlines, the method of payment is non-negotiable: it must be in Bitcoin.

“We should be thankful that there are at least some limits on purchasing Bitcoin. If it were any easier to do so, very little else would check the growth of crypto-ransomware’s business model,” Sullivan says. “The malware technology to encrypt data has been possible for many, many years; the bigger challenge has always been getting paid.”

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Foxconn confirms cyberattack following Nitrogen ransomware claims

May 14, 20263 Mins Read

Lazarus Group Turns to Medusa Ransomware in Escalating Global Extortion Campaign

February 26, 20263 Mins Read

The Cyberattack That Exposed the Fragility of Digital Heritage

February 11, 20268 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}