May 25 2024

The Hunters of the Lost Bitcoin


If a company is hacked, the blackmailers often demand Bitcoin as ransom. But all is not always lost for companies that pay. Experts can track the extorted coins – and possibly get them back.

At first, all seems lost. If a company is hacked, data is encrypted, or the entire operation is paralyzed, in most cases, there is a ransom demand. And the hackers usually do not ask for euros or dollars but cryptocurrencies such as Bitcoin.

So no envelope with lots of banknotes is placed somewhere for anonymous delivery. Instead, the ransom is paid virtually, via the blockchain, a decentralized data protocol, to the hackers’ virtual wallet. Is it irretrievably gone?

Not necessarily. The advantage of the blockchain is that, theoretically, everyone can track where the paid ransom bitcoins are moving. But to track a paid ransom, special crypto investigators are usually required. These lost coin hunters are often called tracers in the virtual money world.

One of them is the Austrian Max Bernt. He studied international criminal law but quickly specialized in money laundering in the crypto sector. Bernt is now the chief legal officer at the crypto company Blockpit and is primarily responsible for the exchange with the investigative authorities. The Austrian startup has developed software that can track hacked Bitcoin in the blockchain on which the cryptocurrency is based. Bernt explains how this works: If blackmailers demand Bitcoin as ransom, they also have to provide a wallet address to which the blackmailed company will pay the Bitcoin.

“We will then immediately add this wallet address to our ‘blacklist’,” says crypto tracker Bernt. “Similar to marked banknotes, all coins transferred via this wallet can then be recognized as ‘contaminated’ and treated accordingly.”

Over time, the software learns and recognizes more fraudulent wallets, coins, and the crypto exchanges they are traded on. Moreover, since the blockchain can be viewed by all its users, experts like Bernt can track the captured coins on their way through the data network – and, if successful, even recover them together with the authorities.
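The "marked banknotes" idea described above can be sketched in a few lines. This is an added example, not Blockpit's or any vendor's software: the ledger, the addresses and the function names are constructed for illustration, fees are ignored, and it goes one step beyond the text by splitting taint proportionally when marked and clean coins are merged in one transaction.

```python
"""Toy taint tracer over a constructed ledger (no real addresses or transactions)."""

BLACKLIST = {"RANSOM_WALLET"}  # hypothetical address taken from the ransom demand

# Outputs that exist before tracing starts: outpoint -> (address, BTC, taint fraction)
PRIOR = {
    ("cb0", 0): ("victim", 50.0, 0.0),
    ("cb1", 0): ("hop_a", 10.0, 0.0),
    ("cb2", 0): ("bystander", 5.0, 0.0),
}

# (txid, spent outpoints, [(receiving address, BTC)]) in ledger order
LEDGER = [
    ("t1", [("cb0", 0)], [("RANSOM_WALLET", 50.0)]),                 # ransom is paid
    ("t2", [("t1", 0)], [("hop_a", 30.0), ("hop_b", 20.0)]),         # split across hops
    ("t3", [("t2", 0), ("cb1", 0)], [("exchange_deposit", 40.0)]),   # merged with clean coins
    ("t4", [("cb2", 0)], [("bystander_2", 5.0)]),                    # unrelated payment
]

def trace(ledger, prior, blacklist):
    """Return {address: tainted BTC received} by following spent outputs."""
    utxo = dict(prior)
    received = {}
    for txid, inputs, outputs in ledger:
        spent = [utxo.pop(op) for op in inputs]      # KeyError on unknown or double spend
        total = sum(amt for _, amt, _ in spent)
        dirty = sum(amt * frac for _, amt, frac in spent)
        frac_in = dirty / total if total else 0.0    # share of the inputs that is marked
        for idx, (addr, amt) in enumerate(outputs):
            # Anything paid to a blacklisted address is fully marked.
            frac = 1.0 if addr in blacklist else frac_in
            utxo[(txid, idx)] = (addr, amt, frac)
            if frac > 0:
                received[addr] = received.get(addr, 0.0) + amt * frac
    return received

def alerts(received, watched):
    """Marked coins arriving at addresses an investigator watches, e.g. exchange deposits."""
    return {addr: btc for addr, btc in received.items() if addr in watched}

if __name__ == "__main__":
    report = trace(LEDGER, PRIOR, BLACKLIST)
    for addr, btc in report.items():
        print(f"{addr}: {btc:.2f} BTC marked")
    print("alerts:", alerts(report, {"exchange_deposit"}))
```

An alert at a deposit address is the point where tracing can be handed over to the exchange and the authorities.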

There are some real-life examples. For instance, in May 2020, an unknown hacker group launched a cyberattack on Colonial Pipeline, the largest pipeline in the USA, and forced it to shut down. The US Government paid around $4.4 million worth of bitcoin as ransom. But it is reported that the FBI followed the transaction and recovered a big part of the ransom.

The use of a crypto investigator is often beneficial for companies. Currently, up to 50 bitcoins are being extorted in such attacks, says Bernt. “That depends on who is being hacked.” Most of the time, however, the amounts are kept relatively low so that companies are encouraged to pay quickly to avoid a public loss of reputation.

Nevertheless, that is currently equivalent to 2.1 million dollars in ransom demanded. “In around 95 percent of the cases, ransom money was paid in Bitcoin,” says Bernt. Other cryptocurrencies, such as the privacy coin Monero, are also more difficult for crypto tracers to track and not as easy for companies to obtain as Bitcoin. As a result, many would not know what to do when they receive a ransom demand after an attack. “Then there is panic.”

The German authorities, the State Criminal Police Offices, and the Federal Criminal Police Office (BKA) also mark dirty coins as fraudulent. However, as Bernt knows, not everyone works with the same software. The most common program for detecting fraudulent coins is the American crypto analysis service Chainalysis. However, the software is quite expensive, with a fee of tens of thousands of euros per access. Moreover, not every regional authority can afford this, and administrative assistance often must be requested, which delays the processes.

Despite this, Chainalysis probably has the best overview in the industry of how the number of hacked crypto coins is developing worldwide. “We continue to see many attacks,” says Gervais Grigg, who manages the cooperation with the international investigative authorities for Chainalysis. Small and medium-sized businesses, in particular, are badly affected. “Ideally, companies that are big enough to pay a lot of money but small enough that they don’t have a cyber-defense department are ideal,” says Grigg. The blackmailers were looking for such companies. Like Bernt, Grigg believes that many blackmailed companies also pay the demanded crypto money – often accompanied by the investigating authorities.

