Companies stockpiling Bitcoin in anticipation of ransomware attacks

Posted May 20, 2017

WannaCry, which started last Friday, is the biggest ransomware attack the world has seen so far.

But WannaCry does at least one thing well: it flawlessly encrypts all the files on an affected machine. Instead, whenever you trade in bitcoin, you use a so-called private key associated with your wallet to generate a bit of code - called an address - that is then publicly associated with your transaction but with no personal identifying information. After the attack, it fell, but has since regained ground.

Cyber-criminals on Friday unleashed a vicious attack globally, encrypting files stored within computers and demanding $300 or $600 in bitcoins to unlock or restore the documents.

Even as the world is facing the brunt of the WannaCry ransomware attack, Himachal Pradesh is so far "protected" from the deadly malware. Given that a week hasn't passed since the first reports of infections, it's possible there will be another surge of payments over the next week.

Bitcoin is the mother of all cryptocurrencies.

The irreversible nature of transactions means that stolen bitcoins diverted to another wallet, due to hacking or dishonest trading partners, cannot be reversed and recovered. The idea here is that a buyer shows up with an amount in cash, cash they had no trouble acquiring because their money isn't all tied up in bitcoin, and they hand this cash to the bitcoin seller. Now, it's been revealed that the bitcoin "wallet" used to receive WannaCry's ill-gotten digital gains has raised only a bit more than $69,000.

At the same time, however, the Bitcoin blockchain is also completely transparent. The USP of bitcoin, however, remains in the fact that it cannot be traced back to those availing it. If they ever do try to move the funds without taking appropriate precautions, they could get caught.

What Can You Do About Ransomware?

An analysis of the ransomware on the blog of software company Check Point suggests it is highly unlikely the hackers ever meant to decrypt the files for several reasons. Even after payment, the ransomware doesn't automatically release your computer and decrypt your files, according to security researchers.

The solution, therefore, is as simple as it is boring: make sure your operating system is up to date and secure. "It's particularly galling because this attack potentially endangered the lives of many."

Smith has argued in the past that digital weapons need to be treated in the same way as physical ones, governed by a "Digital Geneva Convention" that would limit the stockpiling of computer vulnerabilities that can cause widespread damage if they end up in the wrong hands.

Meanwhile, in a development early Tuesday morning, anti-virus provider Kaspersky said it had found what appeared to be proof of possible links between WannaCry and Lazarus, a hacker collective widely believed to be run by the North Korean establishment.

Furthermore, you should make sure to back up your data regularly. When such an attack happens, you will be blocked from access to the data unless you pay a ransom.

The extent of the damage caused to computers around the world, the number of victims and the sheer number of companies concerned is likely to push global investigators and national security agencies to investigate the bitcoin address to which any ransom money has been paid.

Though, of course, this is easier said than done.

Both Hickey and Horowitz said they haven't heard of any cases where victims successfully freed their computers by paying the ransom.