Beyond Bitcoin for Ransomware

By Eric Wuehler on May 31, 2017

Ransomware is bringing Bitcoin into popular culture and raising awareness about cryptocurrencies. In May, the price of Bitcoin surged to over US$2,800 before retreating. It remains the “go to” digital currency for ransomware authors due to its relative anonymity, ease of use, and popularity.

As it becomes easier for the public to acquire digital currencies other than Bitcoin, cybercriminals will look to these alternatives to fund malicious activities. In fact, hundreds of cryptocurrencies are now available on public markets. Some of these emerging “altcoins” offer improvements over Bitcoin in features cybercriminals value, such as anonymity and privacy, and are already used in illicit transactions on the dark web. Monero, for example, is gaining popularity on the dark web. Dash and Zcash also focus on techniques to keep financial transactions private and anonymous.

Arguably, the most popular cryptocurrency after Bitcoin is Ethereum. However, unlike Bitcoin, Ethereum is also a platform that allows developers to build applications – called “smart contracts” – that execute as part of a blockchain. Numerous industry efforts make interacting with the Ethereum blockchain easier for developers:

As development platforms for building applications and products on public blockchains evolve, the ability to leverage these for criminal activity will also increase. Cybercriminals will soon start building applications on blockchains, such as Ethereum, to automate the process of payment collection. For example, cybercriminals could build smart contracts into their ransomware packages. Encryption keys could be created and released on infection, and after subsequent payment to the smart contract, the package could ‘self-destruct’ and remove itself from the blockchain.

As with any new technology that holds the promise of solving important and legitimate technical problems, that same technology can be used to enable illegitimate activity. Understanding what that activity can be, where the potential for misuse is, and how to identify it when it occurs is going to be increasingly important for security professionals, especially as blockchain development becomes more prevalent in enterprise organizations.

About the Author

Eric Wuehler

Eric Wuehler is a Principal Engineer in the Office of the CTO at McAfee. He is a seasoned developer and architect with more than 20 years of experience in product innovation, research and development with a strong focus in security since 2004. In his free time, Eric pokes around with mobile development, wires together homemade ...
