Â鶹ÒùÔº

Are cryptocurrencies a dream come true for cyber-extortionists?

When malicious software takes over , and demands a ransom to decode the information, regular , and slam to a halt. Sometimes security researchers release a fix that allows computer owners to , but many people are forced to pony up to free their data.

In 2016, the FBI estimated that the – and that's only the cases . All that money isn't paid in cash. Before digital currencies existed, extortionists asked victims to send money by more formal transfer companies like Western Union or make deposits to bank accounts. Those were easily traced. Today, ransomware attacks demand payment in bitcoin and its ilk, systems praised by supporters for their transaction speed and .

In researching cybercrime and cybersecurity for more than a decade, I have found that obtaining cybercrime proceeds is often the . In this regard, diffusion of cryptocurrencies is a major development that enables cybercriminals to achieve their goals. In fact, the escalation of ransomware attacks and the increasing prominence of cryptocurrencies may be connected. Some companies have invested in bitcoin and other cryptocurrencies specifically so they can . That helps contribute to the rapid growth in use and value of e-currencies. And as digital currencies become more common, ransomware attackers will have an easier time hiding their illicit transactions among the growing crowd of legitimate transfers.

Using cryptocurrencies in cyber extortion

The extortionists behind most ransomware attacks demand payments in bitcoin, the most popular cryptocurrency. The WannaCry attackers demanded per computer; the Petya ransomware before providing a code that would let victims decrypt their data. Not many people actually pay, though: WannaCry victims paid only . If everyone infected had paid, the criminals would have received at least $60 million. It translated to a payout rate of 0.4 percent. Even fewer paid the Petya perpetrators: They got , totaling barely over 4 bitcoins, or about $18,200.

Other attacks are more successful: In June, a ransomware attack hit owned by South Korean web hosting firm Nayana. More than 3,400 of the company's customers were affected – mostly small businesses running their websites on Nayana's equipment. Nayana itself stepped up, taking loans to in bitcoins to the attackers, saying it had .

The attackers don't always need to make much money to be effective. Many cybersecurity researchers believe that Petya attacks were carried out rather than for financial gains. But ransomware has a much higher payout rate than other common cybercrimes. One study found that for every 12.5 million spam emails sent promoting a fake online pharmacy, the . That's a success rate of about 0.000008 percent. They make a lot of money – – only by sending out enormous numbers of messages.

Trusting cyberthieves?

One reason cybercrime success rates are low is that victims don't trust the extortionists to once they get paid. In 2016, about a quarter of the organizations that paid ransoms were .

The WannaCry attackers were particularly bad: Their system was labor-intensive, requiring the criminals to manually connect payments with encrypted files before letting victims decode them. In fact, a made it almost impossible to decrypt a paying victim's data.

More sophisticated methods do exist, including those that incorporate what are called "," another aspect of some cryptocurrency systems that runs a particular program as part of completing a transaction. In those ransomware attacks, making payment a victim needs to decrypt and recover hijacked files.

Preparing for future ransomware

The fear of ransomware is growing. In mid-2016, a study found that had bought bitcoins just in case they needed to pay off ransomware attackers. More than 35 percent of large firms, those with more than 2,000 employees, reported being to unlock critical files. Even in case of a future ransomware attack.

At the same time, bitcoin and other similar systems are becoming much more popular. In 2016, the total value of all cryptocurrencies was . By August 2017, that number had increased more than eight-fold, . The World Economic Forum projects cryptocurrencies will hold .

These cycles are self-reinforcing: The more transactions there are involving cryptocurrencies, the harder it will be to . As a result, cybercriminals will use cryptocurrencies more often – forcing their victims (and even potential targets) to invest in cryptocurrencies, too.