Expert finds more North Korea links in ransomware attack

Posted May 19, 2017

In 2013, the US government arrested Ross Ulbricht, the founder of a major underground drug market, and seized more than $3.5 million worth of bitcoin.

What's more, the hackers' decision to use the digital currency bitcoin to collect the ransom money is likely to make it tough for them to withdraw their ill-gotten gains without being caught.

Bitcoin is a digital currency invented by Satoshi Nakamoto, the pseudonym of an unknown programmer or group of programmers. Trades in bitcoin are totally secure against anyone without the relevant key to unlock the transaction; they are documented in the distributed ledger and then reflected in the eWallets of both the sender and the receiver.

South Korea was mostly spared from the latest ransomware attack, partly because the constant threats have made the government and companies careful about always updating their software.

New payments are coming in regularly, according to Ransom Tracker, a Twitter bot that is sending out automated messages and posting every time a payment is made to one of the three bitcoin addresses.

Since the deadline passed for those hit on Friday, only $50,000 has been paid in ransom so far, as of early Monday, according to Elliptic Enterprises Ltd., a London-based company that tracks illicit use of bitcoin.

Nothing has yet been withdrawn from any of the bitcoin accounts, and law enforcement agencies watching them say the perpetrators could be hard to trace until they access some of the ransom money.

You can use bitcoin the same way, but unlike a credit card, the transactions you make using the currency are completely anonymous. "It's not unique in North Korea but it's also not a very common method". One of the most basic ones is a technique known as "chain-hopping", whereby money is moved from one cryptocurrency into another, across digital currency exchanges - the less-regulated the better - to create a money trail that is nearly impossible to track.

Here's a refresher on bitcoin and how it's connected to the ongoing security issue. Transactions and accounts can be traced, but the account owners aren't necessarily known.

Easier, perhaps, would be for cybercriminals to use next-generation cryptocurrencies that have built-in anonymity from the start, such as Monero, Dash and Zcash.

The extortion scheme created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The wallets show each payment that victims have sent in hopes of regaining access to their files.

"This used to happen in bitcoin before it became big - there were loads of botnets that went into computers that used to mine bitcoin, but you now can't basically mine bitcoin on normal computers because you need specialist hardware", said Chainalysis CEO Jonathan Levin. And why do the attackers want payment in that currency?

They may have their work cut out: the global bitcoin market sees roughly 250,000 transactions a day.