“They( criminals) use Bitcoin for the money laundering part and take payment with it, but they’ll move it out almost immediately. Most of them won’t keep bitcoins – they don’t like the valuations Bitcoin has – so they just use it as a layer of obfuscation, and move it to a different form of money.” Etay Maor, senior fraud prevention strategist at IBM Security told to The Register.
The reason for this is easy to understand when you realize that in December 2013 Bitcoin was worth US$1,147 (1,055€, £ 758) and the current value is US$238 (£158, €216).
Authors of Ransomware use to accept only bitcoins payments to unlock the system of encrypted files because the pseudo anonymity of its transactions.
Etay Maor added that malware masterminds and operators launder their ransom bitcoins into other online currencies or using “mules” and convert the funds through their accounts in exchange for a commission.
These “mules” are normally recruited online, but their profile differs from each other, depending on the mule’s geo location. For example in Europe, mules are generally retirees looking for some extra income, working from home, but for example in Asia , who most common profile of “mules” this role is played by students looking for an extra income, where they get between 15 and 20% of the laundered money.
In any of these cases, most of them don’t actually know what they are doing, until law enforcement shows up in their front door, and the malware creation continues on the loose, going on with the classic extortion scheme.
Nowadays we are also starting seeing botnet owners entering in the scam, by offering to install ransomware on machines, and also seeing ransomware spreading in websites, by gradually encrypted the website’s database.
Since it doesn’t exist an effective way to block these threats, please be careful with any type of emails you receive, back up your data regularly and store your backup’s offline.
About the Author Elsio Pinto
(Security Affairs – ransomware, Bitcoin)