Cyber ransoms fatten bitcoin wallets

Capturing and holding data hostage in exchange for a fixed sum is hardly a new phenomenon, but security experts were uneasy about the global scale of last week’s WannaCry ransomware attack. It affected hospitals and organizations in more than 150 countries. It was not just data held hostage, but factory workers unable to work and critically ill patients unable to receive treatment, experts stated.

A group known as the Shadow Brokers exploited vulnerabilities in Microsoft Windows PCs, which it claims to have stolen from U.S. intelligence agencies. The United Kingdom’s National Health Service; Spain’s telecom carrier Telefonica; and businesses in Russia, the Ukraine and Taiwan were among those affected. Victims, who received instructions for buying back encrypted data, learned that bitcoin is the only accepted payment method.

The FAQ page titled, “Oops, your files have been encrypted!” includes links for bitcoin novices on how to establish a bitcoin wallet. Sources at U.K. hospitals said they were given 72 hours to make payment or hackers would double the ransom price. Failure to pay after seven days would result in permanent forfeiture of files, they added.

Ongoing investigation

Phillip Misner, Principal Security Group Manager at Microsoft, said the company released software patches for Windows 7 and higher to protect against Shadow Broker exploits. Britain’s National Cyber Security Centre said approximately 40 NHS hospitals that were using Windows XP and older versions of Windows were affected by the breach. NHS Digital said the investigators saw links to the Wanna Decryptor ransomware scheme used in previous attacks and said they will continue to work with those affected to confirm details. The security community is also concerned by hackers’ access to U.S. intelligence. Experts said the Shadow Boxers infiltrated the National Security Agency and have periodically leaked classified data. Google and Kaspersky researchers found similarities between the group’s digital footprint and malicious code used by North Korean hackers in the Sony data security breach. These claims are yet to be substantiated.

Bitcoin’s black hats, white hats

Bitcoin advocates are concerned the WannaCry ransomware incident may unfairly implicate bitcoin technology, a digital form of cash. They believe criminals may be attracted to the anonymity of bitcoin and other digital currencies, but financial institutions and government and private-sector enterprises worldwide have also found numerous benefits and use cases for distributed ledger technologies like bitcoin.

The Block Chain Alliance, recently established by the U.S. Department of Justice, Secret Service and assorted government agencies, is working on potential use cases for bitcoin in law enforcement. The trade group sees potential for using the technology to track online wallets and cross-border digital currency transactions. The group’s mission is to establish a dialog between law enforcement and regulatory agencies to combat criminal activity on the blockchain.

“The Blockchain Alliance is a public-private forum created by the blockchain community,” the group stated on its website. “We are a broad coalition of companies and organizations who have come together with a common goal – to make the blockchain ecosystem more secure and to promote further development of this transformative technology.”

Editorial Note:

Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.