The United States’ department of justice announced last week that it seized 63.7 bitcoin, worth about R35-million, allegedly paid as ransom to hacking group DarkSide.
Last month DarkSide targeted the Colonial Pipeline, the largest refined oil pipeline system in the US, resulting in critical infrastructure being taken out of operation. The hacking group demanded a ransom of 75 bitcoin.
The crime is an example of one of the many ransomware attacks that have hit companies over the past year.
Ransomware is malicious software that infects a computer system and prevents it from being used. The computer system and the files on it remain locked until a ransom is paid.
According to a recent report by blockchain data firm Chainalysis, ransomware is the fastest-growing cryptocurrency-related crime. Known payments to ransomware attackers rose 337% from 2019 to 2020, when they reached more than R5.4-billion worth of cryptocurrency.
This year, ransomware attackers have so far taken more than R1.1-billion, Chainalysis found. And the average known ransomware payment has more than quadrupled from R165 000 in the last quarter of 2019 to R740 000 in the first quarter of this year.
The Chainalysis report notes that blockchain analysis can be used to trace the flow of funds paid to ransomware attackers.
In a speech announcing the DarkSide seizure, US deputy attorney general Lisa Monaco said: “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge — but the old adage ‘follow the money’ still applies. And that’s exactly what we do.”
According to an affidavit, the FBI used a blockchain explorer to identify the two addresses to which the ransom was paid. The FBI found that on 8 May the 75 bitcoin was subsequently transferred to a number of other addresses.
The law enforcement agency found that about 63.7 bitcoin had been transferred to a specific address, for which the FBI has the private key, used to authenticate digital asset ownership and encrypt a bitcoin wallet.
William Callahan, the director of strategic affairs at the Blockchain Intelligence Group, a Canada-based threat intelligence company, explained: “You have to look at bitcoin as this holder of some sort of value. That value is transferred along the way and could be cashed out for fiat currency, wherever the exchange is located.
“So when we use the term ‘follow the money’, we’re really looking at following the value of what can be exchanged into fiat currency.”
Callahan said it is fortunate that, unlike fiat currency (a government-issued currency), bitcoin is transferred along a blockchain. A blockchain is a decentralised, public ledger that isn’t tied to a single web server.
“So using software, the FBI was able to follow step by step the transfer of the bitcoin.”
The Blockchain Intelligence Group uses similar software to trace cryptocurrency transactions. “This is a similar kind of analytics to tracing a phone number and eventually doing a wire tap,” said Callahan, who formerly worked at the drug enforcement administration in the US.
Financial investigations have become complex, he added. “As long as there is going to be this criminal activity, law enforcement is going to have to keep up.
“We always have to try to keep a step ahead of the criminal actor. And if it’s not cryptocurrency, it’ll be something else of value that could be exchanged somewhere else.”
Monica Singer, the former chief executive of Strate and the current South Africa lead for blockchain company ConsenSys, noted that most illicit transactions are happening in US dollars and not in cryptocurrency.
According to Chainalysis, in 2019 criminal activity represented 2.1% of all cryptocurrency transactions. “The bitcoin ledger is very transparent …. We believe that it is going to change accounting, because you’re going to have real time auditing and much more sophisticated tools to prevent fraud or corruption,” Singer said.
“This will increase transparency as to where the money goes.”