Ransomware, Colonial, Bitcoin, and the FBI
www.remora.co.uk


Press reporting mistakenly suggests that malware carrying ransomware can be deployed by magic.

The reality is that either somebody in Colonial clicked on a link which began the deployment of the malware, or credentials were seized and then used to unlock a pathway into Colonial’s network. Neither would have happened if Colonial had invested in better cyber security awareness.

The fear of potential disruption encourages the idea that, when you are the victim of a successful ransomware attack which prevents you from accessing computer systems or data until a ransom is paid, the correct course of action is to pay the ransom.

This is against the advice of most law-enforcement agencies around the world, which are increasingly urging victims not to pay. Obviously, paying encourages more attacks.

When a company or organisation pays, it transparently shows the world how vulnerable it is, and that its protocols and procedures, alongside its backup systems, are not effective. Once tarnished with a reputation for paying ransoms, you are 6000% more likely to be targeted with another ransomware attack in the next 12 months than those that refuse to pay.

However, by far the most intriguing element of the ransomware attack and the payment of the ransom is that the FBI are claiming to have recovered most of the ransom.

In part this has been made possible by the expansion of regulatory improvements to KYC and AML. Exchanges are more diligent in making sure their customers are validated through KYC, and they regularly run AML checks and monitor accounts for signs of money laundering.

The exchanges and cryptocurrencies have never been as anonymous as is portrayed in the media. A cryptocurrency public ledger is a record-keeping system. The ledger maintains participants' identities anonymously, their respective cryptocurrency balances, and a record of all the genuine transactions executed between network participants. This is where the confusion over anonymity arises. As with all blockchains, there is a distributed ledger of all transactions, so every transaction ever made for each cryptocurrency is recorded on a single blockchain holding its entire history. For law enforcement to establish who is behind an account requires a court to grant access to the exchange contact information, and then all anonymity is lost.

The FBI are also not releasing the transaction history, which is leading to further speculation that the passkey for the account was hacked by the FBI. It may well have been. It makes sense for the FBI to obfuscate the methods they used: whilst the hackers are highly talented and have evolving abilities to break into networks, as with most crimes, washing the money and converting your ransom into actual cash in a bank account that you can actually spend remains the most difficult part of the criminal endeavour.

To make it more difficult, DO NOT pay the ransom.

To make it even more difficult for a ransomware attack to be successful, increase the cyber security awareness within your organisation.


