Another week, another ransomware attack. Another attack encrypting data and demanding a ransom be paid in bitcoin to get that data back.
The latest incident, Petya, seems to have originated in Ukraine and has even affected the monitoring of the old Chernobyl nuclear power plant. It comes on the heels of WannaCry, which impacted hundreds of thousands of computers across the world and netted about $170,000 for its creators.
In both cases, a bitcoin ransom is demanded to decrypt the user’s hard drive. It is generally not a good idea to pay the ransom as a decryption key is often not provided even after payment.
Even though the crime appears sophisticated, it is not very different to how criminals operate in the real economy, and the mechanisms to catch them are similar. For law enforcement, keeping a watch on the asset will often catch the criminal. For property professionals, it is a timely reminder that property sales and title transfers need good due diligence to ensure we are not helping criminals.
For ransomware attacks, the asset law enforcement agencies watch is the bitcoins used in the payments themselves. Bitcoin uses an open ledger, a blockchain, to track who owns which bitcoins, and the ledger is available for all to see and to track. Every bitcoin payment ever made can be seen by anyone with a reasonable network connection and a modern computer.
Therefore, the ransom payments can be tracked and the ‘wallets’ they are paid to can be monitored. The criminal owners of these wallets have a big challenge to overcome – getting the bitcoins out of the wallet could easily identify them and leave them open to be arrested. For law enforcement agencies, identifying and catching these criminals requires co-operation between different governments, internet service providers and the ‘white hat’ hacker community, but it is not an insurmountable challenge.
There is already a Twitter feed monitoring the wallets that are receiving ransom payments for the Petya attack, and as of 28 June, these totalled only 1.75 bitcoins, about A$5,000.
Bitcoin is a lot easier to track than cash, which can be stored in a suitcase and only surfaces when a property or other major asset is purchased. Many criminals will eventually want to convert their proceeds of crime into assets, be they property or shares or vehicles.
Co-operation between government agencies can include state governments working with land title offices and the tax office, in the case of property purchased with proceeds of crime.
Property data providers that track listings, rentals and ownership transfers can alert authorities to transactions that are unusual, such as a transfer of property between unrelated parties without any prior listing advertisements. Adding tax data, or lack thereof, and asset ownership data can also identify transactions that are suspect.
What authorities are looking out for are buyers with enough funds to purchase a property, but not enough proof of where the funds came from. With ransomware, the funds’ origins are clear – a criminal enterprise.
Catching the criminal still requires good old detective work and collaboration between different agencies, private organisations and governments. The Silk Road illegal marketplace used bitcoin and was brought down via an analysis of traffic which led to a server hosted in Iceland.
We should encourage new technologies that make our lives easier, but be vigilant to protect ourselves and our clients, and help to catch those who seek to prey on our technological weaknesses.