Disrupting ransom payments

2021-01-15
3 min read

Published on CoinDesk

What do the smart watch maker Garmin, the Isreali insurer Shirbit, the electronics manufacturer Foxconn, Delaware county in Pennsylvania, the foreign exchange company Travelex, the alcohol producer Campari and the Baltimore Public School system have in common?

They were all hit by ransomware attacks this year.

Ransomware attacks are when hackers gain access to the computer systems of the victim, and threaten to expose them or render them useless unless the victim pays a ransom. The attacks are increasingly professional. Victims are directed to a “user support” site where they can chat with the ransomware operators. Sometimes they can see a ticking clock: If the ransom is not paid within 24 hours, the ransom amount doubles.

The COVID-19 pandemic forced even reticent companies to start working remotely, which was a blessing for ransomware operators. The average ransom payment in Q2 2020 was over $178k USD, which is a 60% increase from Q1 2020. Ransomware operators have also improved on their methods: whereas a few years ago attacks were largely “spray-and-pray”, hackers are now deliberately picking their targets and adjusting ransom amounts based on what they think they can pay. The ransom is often only part of the cost. The Danish facilities company ISS estimates that a ransomware incident in February will end up costing them between $45m to $75m USD in IT upgrades and other measures. These ransoms are almost always paid in Bitcoin. By 2021 it is estimated that ransomware operations will cause 20 billion USD in damages.

The ransomware industry is experiencing rapid growth, and governments are increasingly aware. On January 6th, the FBI issued a warning to the private sector about Egreror, a ransomware operator that has affected Barnes & Noble, Kmart and Ubisoft. CoinDesk columnist JP Konig has argued for a government ban on companies paying for ransomware, in the hope that it would reduce the incentive for criminals to engage in these attacks. We are a large profile hack away from ransomware being a topic in mainstream politics. 

The emergence of Bitcoin has facilitated a crime that previously was not possible. Yet there is no reason why the use of Bitcoin for ransom should be constrained to online crime. When an American businessman was kidnapped in Costa Rica in 2018, his kidnappers demanded (and received) a ransom in bitcoin. Known cases of kidnapping for Bitcoin are rare as of now, but it is just a matter of time until kidnappers understand the product market fit. In fact, Bitcoin adoption is growing fastest in countries like in Nigeria, where kidnapping has been called “a growth industry.”

Bitcoin ransom payments may enable new forms of real world crime. In the past, Somali pirates risked their lives for a ransom payment that had to be airdropped from a helicopter. In the future, pirates may simply steer an explosive laden remote controlled ship next to an oil tanker and tweet a picture with a bitcoin address at the shipping company. Private jets flying out of Davos may find themselves approached by autonomous aircraft threatening to smash into the rudder unless demands are met.

Bitcoin is highly liquid, censorship-resistant digital cash. These properties make it attractive for criminals, but also pro-democracy activists. The Human Rights Foundation championed Bitcoin for its important role in helping protestors in Belarus, Hong Kong and Nigeria. Bitcoin is also gaining acceptance as an effective hedge against inflation and government confiscation on Wall Street.

While cryptocurrency skeptics like Rashida Tlaib, Jamie Dimon and Donald Trump continue to critique digital currencies, the cat is out of the bag. We are already living in a world where the second order effects of permissionless money are present, and there is no going back. Just ask the CEOs of Garmin, Travelex, Campari or Foxconn.