Bitcoin is a very speculative currency, still relatively easy to manipulate compared to the major currencies, and subject to massive increases and drops in value. Currently the falling BTC value forces ransomware mafia to immediately convert their ill gotten Bitcoins to hard currency.
"I've seen this discussion in underground forums among Russian criminals," Etay Maor, senior fraud prevention strategist at IBM Security, told The Register during RSA in San Francisco.
"They use Bitcoin for the money laundering part and take payment with it, but they'll move it out almost immediately. Most of them won’t keep bitcoins – they don't like the valuations Bitcoin has – so they just use it as a layer of obfuscation, and move it to a different form of money."
Maor said the malware operators are adept at laundering their ransoms into other online currencies or farming the job out to money mules who launder the funds through their accounts in exchange for a commission. He stated that botnet owners are also getting in on the scam by offering to install ransomware on thousands of machines, and net a tidy cut.
What To Do About It
- The rule "Patch Early, Patch Often" still applies, but these days, better to "Patch Now" all workstations for both OS fixes and popular third party apps that are part of your standard image rolled out to end-users. A product like Secunia can scan for all unpatched third party apps.
- Make sure your Backup/Restore procedures are in place. Regularly TEST, TEST, TEST if your restore function actually works. The latter is often overlooked.
- End users need to be stepped through effective security awareness training so that they are on their toes with security top of mind when they go through their email or browse the web.
Find out how affordable this is for your orgranization today. You will be pleasantly surprised:
