by the Crystal analytics team
Jun 02, 2020
Our world now has a new kind of cybercrime called “Ransomware.” Ransomware is a type of malware that extorts payments from users for the safe return of their files.
Ransomware works by using malware to encrypt the users’ files (making them inaccessible), and then requiring the user to pay a certain amount (usually in bitcoin) to get the files back. Ransomware distributors often rely on bitcoin as the preferred type of payment, so they can attempt to hide the final recipient of the payments and avoid responsibility for the crime.
According to a Cybersecurity Ventures report, global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015. Ransomware targets all industries, and it can compromise much more than just computer data. Anything digital is now at risk: health care, banks, logistic operators, state organizations, motion pictures — ransomware does not discriminate.
However, the Bitcoin blockchain itself is not anonymous, and all transactions are visible to every participant on the blockchain. All information about payers, recipients, and fund flows is there on the blockchain, immutable and readily accessible by any participant. Each block, though, may contain several transactions between different parties, who are represented on the blockchain only by their digital address, a string of letters and numbers.
Given this somewhat limited information, the main challenge is finding the real-world identity tied to digital addresses and collecting evidence of relations between victims, payments, and criminals. However, Crystal Blockchain analytics can bring further transparency and research to these bitcoin transactions.
The best-known virus attack is the WannaCry attack, which started early in the morning on Friday, May 12, 2017. Two of the first prominent victims were the UK's National Health Service (NHS) and Telefónica, the largest telecom company in Spain.
The outbreak quickly spread across Europe and the rest of the world. By late Friday evening, it had taken root in 150 countries, including the United States (where shipping giant FedEx was infected) and China, which had the largest number of unlicensed PCs.
To date, the WannaCry ransomware attack is one of the largest we have ever seen of its kind, demonstrating how ransomware is a global problem. The estimated damage caused by WannaCry in just its initial 4 days exceeded a billion dollars, due to the massive downtime it caused to large organizations worldwide.
By the end of August 2017, the attackers had collected 53.46 BTC (around US$200k), approximately 52 BTC of which were transferred further.
The picture below is an example of Crystal’s visualization for a chain of transactions from one of the attackers’ bitcoin wallets to two withdrawal points — the Changelly and ShapeShift exchanges.
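The kind of forward trace such a visualization depicts can be sketched in a few lines. This is an added example, not Crystal's implementation or data: the transaction model is simplified, and every address, amount, txid and service label (`ransom_wallet`, `hop_a`, `Exchange A`, and so on) is constructed for illustration.

```python
from collections import deque

# Constructed sample data: simplified transactions, not real chain data.
# Each transaction spends from input addresses to (address, BTC) outputs.
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["ransom_wallet"], "outputs": [("hop_a", 3.0), ("hop_b", 2.0)]},
    {"txid": "tx2", "inputs": ["hop_a"], "outputs": [("hop_c", 2.99)]},
    {"txid": "tx3", "inputs": ["hop_c"], "outputs": [("exch_dep_1", 2.98)]},
    {"txid": "tx4", "inputs": ["hop_b"], "outputs": [("exch_dep_2", 1.99)]},
    {"txid": "tx5", "inputs": ["unrelated"], "outputs": [("exch_dep_1", 0.5)]},
]
# Hypothetical attribution labels: address -> known service.
LABELS = {"exch_dep_1": "Exchange A", "exch_dep_2": "Exchange B"}


def trace_forward(source, transactions, labels, max_hops=10):
    """Breadth-first trace of outgoing funds from `source`.

    Returns one record per labelled address reached: the service name,
    the address path, the txids followed and the amount that arrived.
    """
    spends = {}  # address -> transactions that spend from it
    for tx in transactions:
        for addr in tx["inputs"]:
            spends.setdefault(addr, []).append(tx)

    hits, seen = [], {source}
    queue = deque([(source, [source], [])])
    while queue:
        addr, path, txids = queue.popleft()
        if len(txids) >= max_hops:
            continue  # hop budget exhausted on this branch
        for tx in spends.get(addr, []):
            for out_addr, amount in tx["outputs"]:
                new_path, new_txids = path + [out_addr], txids + [tx["txid"]]
                if out_addr in labels:
                    # Stop here: an attributed service is a withdrawal point.
                    hits.append({"service": labels[out_addr], "path": new_path,
                                 "txids": new_txids, "btc": amount})
                elif out_addr not in seen:
                    seen.add(out_addr)
                    queue.append((out_addr, new_path, new_txids))
    return hits


if __name__ == "__main__":
    for hit in trace_forward("ransom_wallet", TRANSACTIONS, LABELS):
        print(f'{hit["service"]}: {hit["btc"]} BTC via {" -> ".join(hit["path"])}')
```

The unrelated deposit in `tx5` is never followed, because the trace only walks transactions that spend from addresses already on the path.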
If law enforcement agencies had had the proper tool to find criminals on the Bitcoin Blockchain, they could have quickly cornered the criminals and prevented further global damage.
With Crystal, law enforcement bodies can effectively carry out cryptocurrency investigations with digital evidence by:
Crystal is the tool law enforcement agencies need to prevent or mitigate the effectiveness of ransomware cyberattacks like WannaCry. With Crystal, investigators could catch the perpetrators of such crimes much more efficiently, potentially preventing significant damage.
Crystal is the all-in-one blockchain investigative tool. As public blockchains and cryptocurrencies become more widely used, a broader set of tools is needed to track criminal behavior such as money laundering, terrorist financing, and other illicit darknet activities.
Crystal Blockchain is available as a web application, through an API, or can also be deployed on internal servers for added privacy.
Crystal supports Bitcoin, Ethereum, Bitcoin Cash, Litecoin, and Tether analytics.