Guest Column | July 24, 2015

What IT Solutions Providers Need To Know About Bitcoins And Cryptocurrency

By Stu Sjouwerman, founder and CEO, KnowBe4

“This is our world now. The world of the electron and the switch; the beauty of the baud. We exist without nationality, skin color, or religious bias.” – Hackers, 1995

Bitcoins are a form of cryptocurrency, meaning they do not have a physical representation. Instead, they are stored in an online exchange in anonymous wallets. They can be transferred anywhere in the world via the Internet. They can be paid from anywhere to anywhere with total anonymity. The long and short of it is: They are the ideal form of payment for illicit activities and hackers.

It could be argued that cryptocurrency is one of the enabling factors of ransomware. After all, if the hackers couldn’t accept payment safely, then the software would have no value. With the rise of Bitcoin has come a rise in ransomware.

Despite the above, using or owning Bitcoin is not an inherently criminal activity at all. Many respected companies accept Bitcoin, and it is used the world over in non-criminal ways. However, it is relatively new, so the lack of information associated with it can scare people, especially if their first encounter with Bitcoin is paying some hacker to unlock their files.

Some quick facts about bitcoins:

  • Bitcoins are commonly abbreviated as BTC.
  • The price of bitcoins is constantly fluctuating. At the time of this writing, 1 BTC is roughly $230.
  • You can buy partial bitcoins. For example, you can buy 0.5 BTC (half of a bitcoin). An individual bitcoin can be split into many extremely small fractions.
  • There will only ever be 21 million bitcoins in circulation once they are all available.

Bitcoin is a very speculative currency that is relatively easy to manipulate compared to major currencies, and it is subject to massive increases and drops in value. Currently, the falling BTC value forces the ransomware mafia to immediately convert their ill-gotten bitcoins to hard currency.

Bitcoins are commonly used for money laundering by nefarious groups and moved almost immediately. Most of these groups try to avoid the volatile value of bitcoins: they use them as a layer of obfuscation and then move the funds to a different form of currency.

Malware operators are very good at laundering their ransoms into other online currencies, or they use money mules who launder the funds in exchange for commissions. Botnet owners are also getting in on the scam by installing ransomware on machines to get a cut.

What To Do About It

  • The rule “Patch Early, Patch Often” still applies, but these days it is better to “Patch Now” all workstations for both OS fixes and popular third-party apps that are part of your standard image rolled out to end users. A product like Secunia can scan for all unpatched third-party apps.
  • Make sure your backup/restore procedures are in place. Regularly TEST, TEST, TEST whether your restore function actually works. The latter is often overlooked.
  • End users need to be stepped through effective security awareness training so that they are on their toes, with security top of mind, when they go through their email or browse the web.

For a complete hostage rescue manual, go to http://info.knowbe4.com/ransomware-hostage-rescue-manual-0. This will provide all you need to prevent infections, and know what to do when you are hit. It also includes a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.

Stu Sjouwerman is the founder and CEO of KnowBe4, which hosts an integrated security awareness training and simulated phishing platform. Realizing that the human element of security was being seriously neglected, Sjouwerman teamed with Kevin Mitnick, the world’s most famous hacker, to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.