Verimatrix Labs: A New Illegal Business Model that Makes You WannaCry
This past weekend did not only mark the largest ransomware attack, but, I am afraid also the birth of a new criminal business model into the mainstream that may measure up to categories like spam, viruses and piracy.
The WannaCry ransomware attack is automating several elements that otherwise make ransom a tricky crime:
- The ransom note does not have to be assembled from cut-out letters but can be communicated on-screen (which even happened publicly at this display of the German Railway)
- The target is not carefully chosen, but using a virus, everyone vulnerable is attacked
- Bitcoin enables money transfer without having to throw cash out of a train window
While this is not a new concept, nor the largest crime involving bitcoin, nor, at $300, a particular high ransom, the threat was launched into the public awareness at a new scale, affecting an estimated 230,000 affected systems so far.
The publicity of this attack sets a precedent for a criminal business model that can be observed and, if successful, will be reproduced. Unlike the typical ransom, here, the success and payment amount is public. Bitcoin enables payment to an anonymous destination and while the link to a person cannot be observed, the destination and all transactions are in a public ledger.
I found the destination addresses that are provided for ransom payments, each showing the transaction the address has received: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94, 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw, and 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn. The ransom payments (each around $300 or 0.17 bitcoin) added up to about $55,000 this morning.
The other element that can also be observed is the spending or sending of bitcoins. While such a transfer is also not linked to a person, it is still traceable. So, whether or not a trace can be successfully obfuscated or laundered is, I believe, a crucial element to evaluate the risk involved with this crime.
While a hunt is underway to identify the criminals, similar investigations have only been partially successful. It is important to keep in mind that bitcoin was only a component and is not the key to an arrest.
Either way, this future development will set an important precedent for similar this crimes we are bound to face in the future.
UPDATE, May 24: Ransom payments just hit $100k. It will be interesting to see when / if the money starts moving ...