OK, so you know what ransomware is and how it holds your data hostage until you fork over whatever amount the datanappers demand. But how do you actually pay the ransom? It’s not like the cyber criminal is going to take a check, after all. And unlike in Mel Gibson’s movie Ransom, you’re not going to stuff a bunch of unmarked bills into a leather bag and make the drop at a place described to you by an electronically disguised voice on the phone.
These datanappers are smart and they don’t want to get caught cashing your check, picking up a bag of money or having a PayPal account that can be traced to them. Also, they could be anywhere in the world and exchanging currencies is awkward and traceable. So the invention of cryptocurrencies such as Bitcoin really makes their miserable “jobs” much easier. In fact one could argue that ransomware only became practicable because of Bitcoin.
So what the heck is a cryptocurrency and why Bitcoin? According to Wikipedia, cryptocurrency “is a digital asset designed to work as a medium of exchange using cryptography to secure the transaction and to control the creation of additional units of the currency.” Simply put, it is virtual money. It exists only in digital form and is used only in electronic transactions. Bitcoin is the most popular and well established form of cryptocurrency. Bitcoin is not regulated by any central bank. As of 10:20am, June 4, 2017, a single Bitcoin is valued at $2521.29 US Dollars, although the value fluctuates wildly.
When the datanapper demands payment in Bitcoin, it presents considerable risk to the victim. The victim must acquire Bitcoin from an on-line exchange such as Coinbase. The process requires creating a Bitcoin “wallet” and then linking the wallet to a credit card or bank account. This can be risky because Bitcoin exchanges are notorious for being hacked themselves. It is advisable to create a new bank account for this purpose and fund it only with the amount of hard currency necessary for the ransom transaction…and then close the bank account immediately afterword.
However, as mentioned earlier, Bitcoin values are extremely volatile, fluctuating tens or even hundreds of dollars by the minute. Suppose the datanapper demands $1000. Between the time you purchase a thousand dollars worth of Bitcoin and the time you transmit it to the datanapper, if the value of Bitcoin drops, the datanapper might not accept your payment as sufficient. Negotiations could be possible, but it might be safer to purchase a little more Bitcoin than the amount demanded.
Finally, these are criminals. There is no assurance that they will release your data after you make payment. If they don’t, it’s not like you can call your credit card company and dispute the charge. When you pay with Bitcoin the transaction is final.
Wouldn’t it be a whole lot easier, less expensive, safer, and more comforting to prepare your computers to avoid ransomeware in the first place? Keep your operating system up-to-date, use firewalls and antivirus, and make PC Condom part of your defense today.