With 2014 coined “the year of the retail breach” and 2015 “the year of the health care breach,” the trend looks to tag 2016 “the year of ransomware.”
In a typical ransomware attack, hackers use software to block access to a computer system until a party pays a ransom amount, usually in the form of “Bitcoins.”
But what is a Bitcoin and why is it so popular in ransomware attacks? Bitcoin has two hacker-friendly features: (1) transfers are anonymous and (2) no central bank or agency oversees the transactions.
For starters, Bitcoin is a digitally created currency that exists electronically. Unless it is converted into another form of currency through an exchange, Bitcoin only exists online. Unlike currency that is printed by a government, Bitcoin is created through a process called “mining.” Bitcoin “miners” solve complex math problems with randomized input data, and when the problem is solved and verified by other miners, the miner who solved the problem is rewarded with Bitcoins (usually 25, but the number can vary).
A Bitcoin miner’s work serves another function: it verifies each Bitcoin transaction. In other words, the “complex math problem” that a miner solves is the verification of prior transactions. As a result, the verification process necessarily involves prior Bitcoin transactions as part of the data needed to solve the problem. When a series of transactions (called a “block”) occurs, miners put the information in that block through a publicly available mathematical formula to convert it into a more compact, random series of numbers and letters called a “hash.” A critical portion of each hash is produced using the hash of the block that preceded it. This allows miners to track the history of transactions back to the very first Bitcoin transaction.
This entire history of Bitcoin transactions is called the “blockchain,” a public ledger for the whole Bitcoin system. Since miners can look at each block and check it against each preceding block as well as the entire blockchain, they can confirm that each transaction is legitimate. Otherwise, it could not be reconciled with the blockchain.
A miner who verifies a block submits his solution (called a “proof of work”) to other miners, who essentially double-check the result. The other miners stamp the proof of work as a notary would stamp the recording of a deed, publicly verifying that each transaction, and therefore the whole blockchain, is trustworthy. It takes only about ten minutes for a miner to submit a proof of work and for other miners to verify it, thus finalizing the Bitcoin transaction.
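The hash chaining and proof-of-work checking described above, as an added example that is not part of the original article: a simplified Python model, not Bitcoin's actual block format or difficulty rules. The JSON layout, the `DIFFICULTY` value and the sample transactions are assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY = 4          # assumed toy rule: a valid hash starts with 4 hex zeros
GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(prev_hash, transactions, nonce):
    """Hash the block's transactions together with the previous block's hash."""
    payload = json.dumps(
        {"prev": prev_hash, "txs": transactions, "nonce": nonce}, sort_keys=True
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def mine(prev_hash, transactions):
    """Try nonces until the hash meets the difficulty: the proof of work."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, transactions, nonce)
        if digest.startswith("0" * DIFFICULTY):
            return {"prev": prev_hash, "txs": transactions,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(batches):
    """Mine one block per batch, linking each block to the one before it."""
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = mine(prev, list(txs))
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Re-check the chain as other miners would; return first bad index or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["txs"], b["nonce"])
        if (b["prev"] != prev or digest != b["hash"]
                or not digest.startswith("0" * DIFFICULTY)):
            return i
        prev = b["hash"]
    return None


# Constructed sample data: wallet labels and amounts are made up.
SAMPLE = [["w1->w2:5"], ["w2->w3:2", "w1->w3:1"], ["w3->w1:1"]]
```

Editing a transaction in an earlier block changes that block's hash, so the check fails at that block; re-mining the edited block only moves the failure to the next block, whose stored previous hash no longer matches.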
Bitcoin users store their Bitcoins in a digital “wallet” on a computer or mobile device. The amount of Bitcoins in each wallet is visible to everyone since the blockchain (and every transaction within it) is public, but each user has a “private key” that only they know. The private key is what allows users to exchange or transfer Bitcoins within their wallet. Think of the wallet as a safety deposit box made of glass so everyone can see how much is in it, but only the safety deposit box owner has the key to access the contents inside.
Importantly, wallets do not require users to identify themselves by name or any other type of identifying information. The wallet is simply an account identified by a series of random numbers and letters. When a pure Bitcoin transaction is made, the real names of buyers and sellers are not revealed in the wallet or anywhere on the blockchain. The exception to the anonymous exchange occurs if someone wants to exchange a Bitcoin for a good or service, or wants to convert the Bitcoin into another type of currency through an exchange.
In Part II, I will talk about why Bitcoin is a favorite form of ransom.