Up to this point, there have been two main reasons people decide to use bitcoin— either for censorship-resistant payments or as a store of value. However, in 2016, a new application for the use of Bitcoin as a censorship-resistant payment system, ransomware, experienced immense growth.
According to some industry watchers the core issue with ransomware today is the general lack of strong security practices. Ransomware is a type of malware that either encrypts a user’s files or completely locks them out of a computer. The only way to regain access to the files or computer is to pay a ransom to the hacker.
While ransomware has been around since at least the 1980s, the ability for hackers to receive payments via Bitcoin has greatly improved its effectiveness.
The Rise of Ransomware in 2016
The rise of ransomware in 2016 was recently documented in a report from IBM. In the report, it is revealed that 40 percent of all spam emails now contain ransomware in one form or another. The study also found that 70 percent of businesses that fall victim to ransomware end up paying the ransom. The payments required by hackers are often more than some would expect, with 20 percent of businesses that paid a ransom reporting payments of more than $40,000 to regain access to their files or computer systems.
Ransomware is on pace to become a $1 billion per year industry for an obvious reason: The business model works. An individual or business can sometimes be faced with a greater financial loss if they’re unable to regain access to their digital files. Even the FBI understands the need for some digital ransoms to be paid.
“While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers,” noted a recent public service announcement from the FBI.
The $1 billion estimate comes from numbers released by the FBI, who reported payments of nearly $25 million in 2015. Two of the most high-profile cases of ransomware infections this year were the light rail network in San Francisco and a hospital in Hollywood.
At $1 billion, the ransomware market appears to be comparable to the darknet market drug industry, which the most recent report pegs at $300 million per year. Of course, those are only public sales on publicly-accessible darknet markets. The true size of the darknet markets is difficult to quantify, and it is likely much larger than what has been suggested by various studies.
What is Bitcoin’s Role in Ransomware?
Due to the efficiencies Bitcoin brings to ransomware payments, many have pointed to the P2P digital cash system as one of the key tools driving this rapid expansion of profitable malware.
“[Bitcoin] is helping,” Kaspersky Lab’s David Emm told ZDNet earlier this year. “I think that’s definitely true. The existence of effectively anonymised payment mechanisms definitely plays into the hands of cybercriminals.
As mentioned previously in this article, Bitcoin is not a requirement for ransomware to be effective. Having said that, it’s much more difficult to receive a ransom payment when police are able to surveil a specific mailing address. Most traditional online payment methods, such as PayPal, also leave a trail for authorities to track.
Coin Center, which is a non-profit organization that advocates a light regulatory climate for Bitcoin, has a different view on the matter. According to Coin Center’s Peter Van Valkenburgh, the core issue with ransomware is the lack of strong security practices that would prevent hackers from getting into the computer systems of governments and large corporations in the first place.
“In the hospital context, for example, it’s already a security and privacy disaster that random hackers in Russia can access, read, modify, and delete all of your sensitive medical records,” Van Valkenburgh has written. “Whether the hacker then encrypts the files, or demands a ransom is a secondary issue; the damage is already done. Failing to keep those records private and safe puts patients in danger of discrimination, personal blackmail, and, of course, poor or compromised care.”
Is There a Silver Lining to Ransomware?
If there’s a bright side to look at in a world where ransomware is rampant, then it’s the fact that this form of malware creates incentives for individuals, businesses, governments, and other entities to get serious about computer security. Every computing device, from a laptop to a smartphone, now has a sometimes costly exploit bounty attached to it. In addition to protecting their most precious secrets, Internet users are now also compelled to secure their devices for financial reasons.
Check our run-down on best practices on how to protect your digital gold here, and watch-out for our follow-up post on how to protect yourself against ransomware specifically. What do you think about ransomware’s ability to incentivize better security practices? Let us know in the comments below!
Images courtesy of Shutterstock, IBM
Do you want to talk about bitcoin in a comfortable (and censorship-free) environment? Check out the Bitcoin.com Forums — all the big players in Bitcoin have posted there, and we welcome all opinions.