In the latest round of ransomware attacks, a version of malware called either WannaCry or WanaCrypt0r has been spreading around the globe at an almost unstoppable rate, affecting at least 150 countries so far. But this is certainly not the first instance of widespread ransomware.
While ransomware existed prior to the advent of Bitcoin, its rise in popularity has paralleled that of cryptocurrencies. While all Bitcoin transactions are recorded in a public ledger called the blockchain, it is almost impossible to trace the origins of a transaction to a person, making it the ideal currency for privacy enthusiasts and cybercriminals alike.
The typical ransomware scheme goes something like this: the criminal sends a phishing email or conducts a malvertising campaign, and an unwitting victim’s computer becomes infected with malware. Once infected, the scammer can then encrypt the files and demand a “ransom” be paid in exchange for the decryption key. Since Bitcoin is difficult to trace, it is often the currency of choice for scammers and criminals. As Bitcoin and other cryptocurrencies have become more popular, more people are able to exchange their local currency for Bitcoin in order to pay off the scammers, which then incentivizes criminals to carry out even more schemes.
In fact, ransomware has grown so effective at generating a profit for scammers for relatively little effort, that some criminals have branched out to providing “ransomware-as-a-service” to other criminals. For only around $400, you, too, can start extorting money from innocent computer users around the globe. Far from a victimless crime, this latest round of ransomware through the WannaCry malware infected a large swath of the computer infrastructure at the UK’s National Health Service, which oversees many hospitals and clinics. At some hospitals, patients were turned away because the ransomware attack left hospital computers useless.
While ransomware has long been a menace to victims and a drain on the economy, with hospitals and other critical infrastructure being more frequently targeted, we can only hope that governments and corporations will take note of the crisis, and take rigorous steps to protect these systems in the future.