Following Bitcoin ransoms reveals billion dollar cyber-crime

News by Roi Perez

F-Secure's Mikko Hypponen tells how the company is now tracking ransomware Bitcoin wallets to reveal the huge amounts of money the gangs are making.

Are we about to witness a ransomware unicorn? According to Mikko Hypponen, chief research officer of Finnish F-Secure, we are. But there's a caveat. 

A unicorn is a startup business which has received a valuation of US$ 1 billion (£757 million) or more. Think AirBnB, Uber, or Spotify.

In an interview with, Hypponen explained: "Bitcoin is based on Blockchain, and Blockchain is a public ledger of transactions. So all Bitcoin transactions are public. Now, you don't know who is who. But we can see money moving around, and we can see the amounts."

Bitcoin has not only changed the economics of cyber-crime by providing crooks with an encrypted, nearly anonymous payment system autonomous from any central bank. It's also changed researchers' ability to track how much money criminals are making.

Hypponen detailed how F-Secure is tracking over 100 wallets, the biggest of which contains over 12,000 Bitcoins (over £5 million). And interestingly, Hypponen says there appear to be a lot of gangs who aren't cashing out.

Ransomware gangs have to continually imagine new ways to turn their Bitcoin into currency.

"They buy prepaid cards and then they sell these cards on Ebay and Craigslist," said Hypponen. "A lot of those gangs also use online casinos to launder the money."

But even that's not easy, even if the goal is to sit down at an online table and attempt to lose all your money to another member of your gang. Hypponen explains: "If you lose large amounts of money you will get banned. So the gangs started using bots that played realistically and still lose – but not as obviously."

Law enforcement is well aware of the extremely alluring economics of this threat. In 2015, the FBI's Internet Crime Complaint Center received "2,453 complaints identified as Ransomware with losses of over US$ 1.6 million (£1.2 million)."

In 2016, hardly a month has gone by without a high-profile case such as Hollywood Presbyterian Medical Center paying 40 Bitcoin, about US$ 17,000 (£13,000) at the time, to recover its files. And these are just the cases we're hearing about.

The scam is so effective that it seemed that the FBI was recommending that victims actually pay the ransom. But it turned out their answer was actually more nuanced.

"The official answer is the FBI does not advise on whether or not people should pay," Sean Sullivan, F-Secure security advisor, writes. "But if victims haven't taken precautions… then paying is the only remaining alternative to recover files."

Hypponen went on to explain the idea of a Bitcoin mixmaster. That's not a DJ, but rather someone who assists with money laundering. It is an entity that takes money from lots of people and gives back the same amount. The idea is that if someone attempted to track the money, it couldn't really be proven where it came from or where it went.

When asked whether he could ever see an end to the blight of ransomware, Hypponen claimed that, unfortunately, there "currently isn't one."

He doesn't point the finger at Bitcoin itself, as he says it is simply an algorithm, and not something which can be regulated.

Instead Hypponen highlights the importance of having great backups in place so that when it does happen, you're well prepared.
