Ransomware likely to continue exponential growth unless governments act, says F-Secure Labs
Government reluctance to shut down the virtual currency Bitcoin has made the rapid growth of cyber-extortion possible, but that could change if the United States or China shifts law enforcement priorities.
Buckinghamshire, UK– The availability of Bitcoin, the open-source virtual currency, has made crypto-ransomware’s business model viable and profitable, feeding an online crime wave that has seen new extortion-enabling malware families at least double each year since 2012. Unless governments disregard previous concerns about shutting down the anonymous funding source, F-Secure Labs warns, this exponential growth is likely to only be limited by the ability of consumers to purchase Bitcoin.
“Bitcoin survived and thrived during the last U.S. presidential administration,” says Sean Sullivan, security advisor at F-Secure. “However, the new administration has indicated that it’s eager to reinvigorate the ‘the drug war’ by even cracking down on the sale of marijuana, which new U.S. Attorney General Jeff Sessions has said is just ‘slightly less awful‘ than heroin. If the U.S. pursues all the forms of potentially illegal payments, ransomware’s growth could be abated. Otherwise, we expect to see the new ransomware families we discovered in 2017 at least double.”
There was one known ransomware family variant in 2012, according to F-Secure’s State of Cyber Security 2017 report. By 2015, there were 35, which exploded to 193 in 2016.
Bitcoin is Ransomware’s only constraint
Chinese companies have made considerable investments into the vast server farms needed to mine the digital currency. The result is that 42 percent of all Bitcoin transactions last year took place in China exchanges, according to an analysis performed for the New York Times*. Sullivan has even noticed that the Shanghai Composite Index, one of the nation’s leading financial indicators, correlates at times with the Bitcoin Price Index.
“While better blockchain provides them with visibility over their markets, officials in China likely have little financial incentive to see the Bitcoin market hindered in any way,” Sullivan says. “The U.S. Government, however, has shown little interest in legitimising the virtual currency as investment.”
The U.S. Securities and Exchange Commission rejected the creation of a Bitcoin exchange-traded fund due to “concerns about the potential for fraudulent or manipulative acts and practices in this market” in March.**
“It’s conceivable that the Trump administration could argue that the anonymity of Bitcoin is enabling both the drug trade and international terrorism, crimes that have been continually used to justify new powers for U.S. law enforcement. Or perhaps U.S. government could even identify ransomware as the growing risk it has become for consumers, the healthcare industry and local governments, along with the burgeoning risks of the cyber-extortion of ‘Internet of Things’ devices.”
A small change that could make a big difference
U.S. and European officials could make a major dent in the availability of Bitcoin with a relatively simple change. “Bitcoin exchange accounts could be required to be tied to a physical address,” Sullivan says. Currently it takes just minutes – or seconds – to open a Bitcoin account in a third-party market. This requirement would require an activation code that’s mailed to you before an account can be opened. While this wouldn’t affect criminals who do business out of Russia and China, it would make their attacks far less profitable.
“The exchanges would hate it. But given the hundreds of millions of dollars being extorted every few months, it seems appropriate,” Sullivan says. “Barring this or a similar step, exponential growth of malware families delivering these threats seems to be the only other option.”
But time is of the essence, Sullivan stresses.
“Ethereum is now trading at similar trajectory as Bitcoin,***” he says. “If governments don’t act now to come up with a strategy for dealing with digital currencies, it’s not going to get any easier.”
Bitcoin Friction Is Ransomware’s Only Constraint – Sullivan’s research into the “customer portal” of a family of cypto-ransomware known as “Spora” reveals that the criminals run their operations like an actual business with regularly scheduled spam runs to lure in new victims. And while the crooks are flexible about deadlines, the method of payment is non-negotiable: it must be in Bitcoin.
“We should be thankful that there are at least some limits on purchasing Bitcoin. If it were any easier to do so, very little else would check the growth of crypto-ransomware’s business model,” Sullivan says. “The malware technology to encrypt data has been possible for many, many years; the bigger challenge has always been getting paid.”