In Ransomware Battle, Bitcoin May Actually Be an Ally



Webs of Criminality Are Recorded on Bitcoin’s Blockchain

June 17, 2021

A bitcoin mining facility in Farnham, Canada, run by Bitfarms. (Photo: Bitfarms)

The role of bitcoin in the ransomware payments pipeline is clear: it’s enabled fast, enormous payments with some degree of privacy.


How to deal with bitcoin and other cryptocurrencies in the battle against ransomware is the subject of a spirited debate. Some have labelled bitcoin a prominent foe and, as in this Wall Street Journal opinion piece, called for banning it. Others say the payment method used for ransoms is largely a red herring: if bitcoin were gone, the traditional banking system would be used instead.

What should be done about bitcoin in the battle against ransomware? Actually, the status quo isn’t so bad. 

Disrupting the flow of money to criminal enterprises is a traditional law enforcement technique. If the money stops flowing, or it becomes too onerous or risky to get paid, criminals tend to move to the next scheme that satisfies the risk-reward balance.

Policy makers and governments are looking for disruptive levers to slow a siege against businesses and critical infrastructure. Ransomware has reached a scale that it’s becoming a political problem for leaders and a tense…


Long Island Man’s Bitcoin In Limbo As Hackers Target Cryptocurrency Exchanges


NEW YORK (CBSNewYork) — Hackers are now targeting cryptocurrency exchanges like Coinbase and leaving investors without access to their bitcoin.


As the interest in cryptocurrency continues to climb, the safety and security of investment apps are being called into question.

CBS2’s Natalie Duddridge spoke to a Long Island man whose bitcoin is now in limbo.

“I do believe my account was hacked. It had to be,” Frank Pinto said.

Pinto started investing in bitcoin in 2017.

He used an app called Coinbase, which is like a stock exchange for cryptocurrency.

A few months ago, he tried to log in and got an alert instead saying, “Sorry, account temporarily disabled. Please contact support.”

He tried, but Coinbase has no phone support, so he emailed dozens of times. They finally responded saying: “You will receive a response from the customer complaints officer within 15 business days.”

Pinto then got a call from someone claiming to be from Coinbase and allowed them remote access to his computer. He later learned it was a hacker.

“So they were … taking all these steps that you think are legitimate. At some point through that remote access, they said to me, ‘You should log into your bank account since it’s associated with your Coinbase account,’” Pinto said. “And that’s when I hit panic mode and said, no, no, this is definitely a b.s. call.”

But it was too late. Pinto says a hacker managed to drain hundreds of dollars from his regular bank account, which was eventually returned to him. But he still can’t get access to his Coinbase account, which is frozen with more than $20,000.

Duddridge spoke to tech expert Ian Marlow, with FitechGelb.

“Is Coinbase and other crypto exchanges, are they safe to use?” she asked.

“I think the jury is obviously out on that. It’s exciting … Legal has to catch up to technology,” Marlow said. “People then will start to look at situations like this and say regulation will become important.”

Until then, Marlow says the onus is on consumers to understand the risks associated with investing in unregulated assets.

“Would you use Coinbase again after this?” Duddridge asked Pinto.

“I’m not…


US Recovers Millions In Bitcoin Paid During The Colonial Pipeline Attack


U.S. officials announced in a press conference Monday afternoon the successful recovery of some of the funds paid in the recent Colonial Pipeline hack. Deputy Attorney General Lisa Monaco of the Department of Justice noted that the scope of the investigation involved “…going after an entire ecosystem that fuels ransomware and digital extortion attacks including criminal proceeds in the form of digital currency.” Monaco declared, “…we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.” Paul Abbate, the deputy director of the FBI, said the bureau successfully seized the ransom funds from a bitcoin wallet that DarkSide used to collect Colonial Pipeline’s payment.

Colonial Pipeline temporarily shut down its operations on May 7 after Russian-based criminal hackers from the organization DarkSide broke into its computer system, stalling a company that provides almost half of the fuel to the East Coast of the U.S. While Colonial Pipeline ended up paying $4.4 million in digital currency, the amount that was recovered today was not revealed.

The United States Department of Justice had recently instructed U.S. Attorney’s Offices across the country to coordinate cases involving ransomware, cyberattacks, and illicit marketplaces with a newly created ‘Ransomware and Digital Extortion Task Force’. According to Monaco, the Task Force was established to investigate, disrupt, and prosecute ransomware and digital extortion activity. “This is the Task Force’s first operation of its kind,” said Monaco.

Message To U.S. Corporations: Improve Your Computer Security Now

According to Monaco, these types of ransomware attacks are more diverse, sophisticated, and dangerous, and no organization is immune to them. Monaco specifically addressed U.S. corporations in the press conference, saying the “…threat of…


DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized – Krebs on Security


The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.

“A few hours ago, we lost access to the public part of our infrastructure,” the message continues, explaining that the outage affected its victim-shaming blog, where data stolen from victims who refuse to pay a ransom is published.

“Hosting support, apart from information ‘at the request of law enforcement agencies,’ does not provide any other information,” the DarkSide admin says. “Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address.”

DarkSide organizers also said they were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.

“After that, you will be free to communicate with them wherever you want in any way you want,” the instructions read.

The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform. This is interesting because security experts have posited that many of DarkSide’s core members are closely tied to the REvil gang.

The REvil representative said its program was introducing new restrictions on the kinds of organizations that affiliates could hold for ransom, and that henceforth it would be forbidden to attack those in the “social sector” (defined as healthcare and educational institutions) and organizations in the “gov-sector” (state) of any country. Affiliates also will be required to get approval before infecting victims.

The new restrictions came as some Russian cybercrime forums began distancing themselves from ransomware operations altogether. On Thursday, the administrator of the…