Ransomware attacks demanding cryptocurrency payments are on the rise, notably hitting police stations, hospitals, and (most recently) the city of Atlanta, Georgia. However, no region is affected as much, researchers say, as South Korea.
Now a research team led by NYU Tandon School of Engineering cybersecurity expert Damon McCoy believes it has a new potential avenue for law enforcement to follow when trying to establish what happens to the cryptocurrencies used to pay the demands made by ransomware creators.
Although the public nature of the Bitcoin blockchain has been called a design flaw by people like Edward Snowden, the researchers were able to track ransom payments made in Bitcoin by collecting transaction data from the public blockchain over a six-month period.
According to the research team, South Korea is a favourite target for ransomware attackers. $2.5 million of the $16 million in ransom payments studied were made by South Koreans who suffered an attack. The researchers have also called for further research to determine why South Korea is especially vulnerable to ransomware attacks and how South Koreans can protect themselves.
Could It Be North Korea?
The disproportionate targeting of South Korea in ransomware attacks has led to speculation that North Korea is involved. Hacking groups in North Korea have already been implicated in major hacks of exchanges and thefts of tens of thousands of dollars’ worth of cryptocurrency, which has allegedly been diverted to the country’s nuclear program (despite the scant hard evidence).
North Korea is known to have engaged in cyber attacks against its enemies, including the major WannaCry attack last year; so it may not be surprising if ransomware attacks against businesses and civilians in South Korea are sponsored by hackers or agencies within North Korea.
In addition, ransomware attackers typically unloaded the tracked cryptocurrencies on a Russian exchange called BTC-E. (BTC-E has since been seized by FBI authorities.) Russia’s ties to North Korea are closer than many in the western world are comfortable with, and the choice of a Russian exchange may also point to cyber attacks emanating from the peninsula.
Researchers Become Victims of Their Own Research Topic
The researchers also ran ransomware binaries in a controlled environment to study their behaviour, but eventually became victims of a ransomware attack themselves. They took advantage of the situation to send micropayments to the attackers’ wallets and study what happened next.
“Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected,” McCoy stated.
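The tracing idea in McCoy's description can be sketched as a small graph walk. This is an added example, not the researchers' code: it uses a constructed, simplified list of address-to-address transfers (real Bitcoin transactions have multiple inputs and outputs), and every address name and the `min_sources` threshold are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data: (sender, receiver, satoshis). Simplified
# address-level transfers; all names below are hypothetical.
TRANSFERS = [
    ("victim_A", "ransom_1", 50_000_000),
    ("researcher", "ransom_1", 100_000),  # the injected micropayment
    ("ransom_1", "central", 50_100_000),
    ("victim_B", "ransom_2", 80_000_000),
    ("ransom_2", "central", 80_000_000),
    ("victim_C", "ransom_3", 30_000_000),
    ("ransom_3", "central", 30_000_000),
    ("central", "exchange_deposit", 160_100_000),
    ("unrelated_x", "unrelated_y", 200_000_000),
]

def build_index(transfers):
    """Map each address to the sets of addresses that fund it and that it funds."""
    senders, receivers = defaultdict(set), defaultdict(set)
    for src, dst, _ in transfers:
        senders[dst].add(src)
        receivers[src].add(dst)
    return senders, receivers

def find_central(transfers, seed, min_sources=3):
    """Follow funds forward from the address we paid; return the first
    address fed by at least min_sources distinct senders, else None."""
    senders, receivers = build_index(transfers)
    queue, seen = deque([seed]), {seed}
    while queue:
        addr = queue.popleft()
        if len(senders[addr]) >= min_sources:
            return addr
        for nxt in sorted(receivers[addr] - seen):
            seen.add(nxt)
            queue.append(nxt)
    return None

def summarize_inflows(transfers, central, own=frozenset({"researcher"})):
    """Count payments into the addresses that feed central, excluding our own."""
    senders, _ = build_index(transfers)
    collectors = senders[central]
    paid = [v for s, d, v in transfers if d in collectors and s not in own]
    return {"collectors": sorted(collectors), "payments": len(paid),
            "total_sat": sum(paid)}

if __name__ == "__main__":
    hub = find_central(TRANSFERS, "ransom_1")
    print(hub, summarize_inflows(TRANSFERS, hub))
```

The threshold matters: set too low, a ransom address that merely received the victim's payment plus the micropayment is mistaken for the aggregation point.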
The researchers drew the line at researching certain details of the ransomware ecosystem, such as the proportion of victims who paid the ransom to recover their files, citing ethical concerns. McCoy said that doing so could actually cause victims to have to pay a double ransom to recover their files.
An assistant professor of computer science and engineering at the NYU Tandon School of Engineering, Damon McCoy has made the criminal use of cryptocurrencies one of his research focuses and has used Bitcoin advertisements to track human trafficking. The present research on cryptocurrency-related ransomware was supported in part by grants from the National Science Foundation, Google, and Comcast.