back to article How to build the next $1bn tech unicorn: Get into ransomware

Over the last few years there has been an explosion in ransomware attacks, and the latest analysis shows the crooks are banking some serious Bitcoin. An analysis by F-Secure's chief research officer Mikko Hyppönen of a Bitcoin wallet used by Cryptolocker shows the operators are moving millions of dollars of virtual currency …

  1. P. Lee

    "Software-as-a-service gangs refer to their victims as 'customers'

    FTFY

    1. Michael Thibault

      That would be:

      "Access-as-a-service gangs refer to their victims as 'milkers'," he explained. "They want the reputation of being reliable because it encourages people to pay up if they want their files back..."

      It seems to me that any 'trust' they're developing, any 'goodwill' among their 'customer' base could very easily by completely vaporized by the first instance of ransomware that shows up a second time, jonesing for 'just a little more'. This wouldn't necessarily occur--users jonesing for access to their feeds will likely simply cave and get used to a new anything--, but if the milking machine fired up a second time and did happen to drop jaws widely, it wouldn't necessarily be a bad thing.

      1. Robert Helpmann??

        Who the hell do these crooks think they are? Adobe?

  2. Adam 1

    > scammers earning more than Yahoo!

    Pretty sure I am as well.

    Oh sorry, you are talking about revenue, not profits. My bad.

    1. MyffyW Silver badge

      Good point @Adam_1 - "$2.2m in real money" is actually revenue, not necessarily profit

      The crypto-crims will have to have balance that against the cost of doing business (software development, volcanic lair, white cat etc.)

  3. Bob 18

    This is why I think we'd be better off banning Bitcoin. If there's no Bitcoin ATM at the end of the block, it will be a lot harder to collect the ransom from Granny.

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Yep, couple of criminals abuse the system, so lets ban the whole thing. Why don't we go one step further and ban banks? If there are no banks, there won't be any ATM's either, and Granny won't have to pay for anything ever again.

      p.s. the real problem here is the vulnerabilities and insecurities built into Windows, making these attacks possible. When was the last time you heard a ransomware encrypting files on a smartphone?

      1. Phil Endecott

        > couple of criminals abuse the system, so lets ban the whole thing

        How much use is Bitcoin getting for purposes other than ransomware and drug deals?

        1. Terrance Brennan

          Good point. One big reason to use Bitcoin is to buy illegal goods or engage in otherwise dubious activity. Another reason is to avoid taxes. As I once read in an El Reg commentary "Civilization is expensive, deal with it". Everyone wants the benefits of an advanced society but would prefer someone else pay for it. What is a legitimate use for Bitcoin?

        2. Finder Keeper

          > How much use is Bitcoin getting for purposes other than ransomware and drug deals?

          It's hard to estimate, given the pseudonymous nature of bitcoins. We know the addresses that the coins are flowing through, but in most cases we don't know who those addresses belong to.

          Having said that, I personally pay for home-delivered food using bitcoins on lieferservice.ch and have used bitcoins to pay for coffee and computers.

      2. Medixstiff

        "When was the last time you heard a ransomware encrypting files on a smartphone?"

        Yeah but how many people still do their banking on their PC's exclusively as opposed to their smartphone?

        People like bashing Windows but their market share more than anything else paints the target on them.

        I still chuckle at all the poor dingle berry's that go on about changing over to Linux, like it's the next big thing, it's been the next big desktop replacement since the 90's and it's market share is still less than 2%

        https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0

    3. allthecoolshortnamesweretaken

      And while we're at it, let's ban cows, shall we? After all, cows kill more people than sharks each year.

    4. ZSn

      Anonymous?

      Since bitcoin is not anonymous, you can track any transactions, just not the name on the wallet, what stops them just waiting until they try to cash out the bitcoins and then arrest them? Or am I missing something?

    5. MyffyW Silver badge

      On the strength of that argument we should also ban US dollars as it is the currency of choice for serious miscreants. And watch as they switch to Euros and Yuan and maybe even Sterling.

      I jest, of course :-)

  4. Donald Becker

    Just a note about 'unicorn' valuation: it's mostly for PR.

    A VC that invests $10M for 1% of a company's stock makes it "worth" $1B. But that deal probably came with 10x warrants, a pay-back provision, right of first refusal, board seats, control of executive selection, and every other absurd provision the VC could think of.

    We are just starting to hear the stories of employees that paid high taxes on their RSUs (granted stock) or exercised options, only to find the common stock worth far less when the company is acquired.

    It might not be illegal, but it's white collar fraud. Simple extortion looks a little more honest now, doesn't it?

  5. Anonymous Coward
    Anonymous Coward

    Fool me once

    Surely a person or company will only get hit by a cryptolocker once. After that they lock-down, and adopt a backup strategy.

    1. DropBear

      Re: Fool me once

      I guess you've never heard the saying "smart people learn from other peoples' mistakes, normal people learn from their own mistakes, and dumb people don't even learn from their own mistakes" - I have no doubt it applies equally well to companies (are they not people too after all?).

  6. Anonymous Coward
    Anonymous Coward

    Fool Them Twice....

    I know one company who've been hit THREE times by this kind of ransomware scam, and have paid up every time. They still don't back up their data properly!

    1. Steven Roper

      Re: Fool Them Twice....

      Then their CEO and entire upper management should charged with criminal negligence and aiding and abetting criminal extortion, and the company put into involuntary administration.

      In fact, anyone who pays a ransom demand should be charged with aiding and abetting criminal extortion. By paying they are not only encouraging the crime, they are also putting others at risk, and they should be held directly and personally accountable for that.

      Governments refuse to pay terrorist kidnapping ransoms for a very good reason. That should be extended to companies and private citizens as well.

      1. ZSn

        Re: Fool Them Twice....

        You'll find that governments *do* pay ransoms, they just don't publicise it for good reason.As for their CEO, well perhaps it's just cheaper to pay the ransomware than actually pay for decent security. It seems like the ransomware guys aim to 'help' their 'customers' more than a lot of helpdesks I've seen.

        1. Nigel 11

          Re: Fool Them Twice....

          Governments do pay ransoms, but they also employ assassins (another thing they don't publicise, Russia excepted). I wonder if any ransomware criminals have yet discovered that if they get too greedy, governments may unleash their "plausibly deniable" people.

  7. RobHib
    Stop

    What are the NSA, GCHQ doing about it? Answer: stuff-all!

    It's about time the NSA, GCHQ etc. target this mob instead of us soft and easy targets.

    We need to ask our political masters why these pack of bastards aren't also on the spooks top priority list.

    We know they are not! Why, the ransomware is actually INCREASING isn't it?

  8. Finder Keeper

    Ground-based capture mechanism?

    I think the mechanism for extending and locking the legs is complicated, and could be replaced with a ground-based capture mechanism. A fighter plane landing on a carrier relies on a hook and wire, and it's travelling a lot faster (vertically as well as horizontally) than this rocket. Why doesn't Space-X use a set of robotic arms on movable platforms that surround the landing point? As the rocket nears the ground and slows its descent, these platforms could approach it from all sides, with a series of arms extended, and gently stabilize the rocket as it touches down and cuts its engines.

    Even a set of cables could be used, parallel to the ground, at different heights and different angles relative to each other, closing in on the rocket so that it cannot fall over after landing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like