The history of technology is riddled with unintended consequences. As William Gibson wrote in Burning Chrome, “…the street finds its own uses for things.” Though Bitcoin may not have been originally conceived as a medium for ransom payments, it’s quickly become a central tool for online criminals.

Ransomware, a category of “,” blocks access to a computer or network until a ransom is paid. Despite the evolving efforts of governments to  and , the attacks keep coming. 

Cryptocurrency ransomware payments totaled roughly $350 million in 2020,  — an annual increase of over 300% from 2019. And because US companies are legally required to report cyberattacks only if customers’  is compromised, that estimate may be far too conservative.

Read more: 

Below, we tally up the damage of some of the highest-profile episodes.

Kaseya (2021)

On July 2, 2021, Kaseya announced its systems had been . Kaseya provides IT solutions for other companies — an ideal target which, in a domino effect, ended up impacting approximately in multiple countries. REvil, a cybercriminal outfit, claimed responsibility for the attack and demanded ransoms ranging from a few thousand dollars to multiple millions, . 

It’s unclear how many individual businesses paid up, but REvil demanded from Kaseya. Kaseya declined to pay, opting to cooperate with the FBI and the US Cybersecurity and Infrastructure Agency. On July 21, 2021, Kaseya a universal decryptor key and distributed it to organizations impacted by the attack.

JBS (2021)

On May 31, 2021, JBS USA, one of the largest meat suppliers in the US,  a hack that caused it to temporarily halt operations at its five largest US-based plants. The ransomware attack also disrupted the company’s Australia and UK operations. JBS paid the hackers an in Bitcoin to prevent further disruption and limit the impact on grocery stores and restaurants. The the hack to REvil, a sophisticated criminal ring well-known in ransomware attacks. 

Colonial Pipeline (2021)

On May 7, 2021, America’s largest “refined products” pipeline after a hacking group called Darkside infiltrated it with ransomware. Colonial Pipeline covers over 5,500 miles and transports more than 100 million gallons of fuel daily. The impact of the attack was significant: In the days that followed, the average price of a gallon of gas in the US increased to more than $3 for  as drivers rushed to the pumps. 

The pipeline operator said it paid the hackers $4.4 million in cryptocurrency. On June 7, 2021, the DOJ announced it had  part of the ransom. US law enforcement officials were able to track the payment and dark market link darknet market take back $2.3 million using a private key for a cryptocurrency wallet.

Brenntag (2021)

On April 28, 2021, German chemical distributor learned it was the target of a cyberattack by Darkside, dark market url which stole 150GB of data that it threatened to leak if ransom demands weren’t met. After negotiating with the criminals, darkmarket Brenntag ended up negotiating the original ransom of $7.5 million down to , which it paid on May 11.

CNA Financial (2021)

On March 23, 2021, CNA Financial, the commercial insurer in the US, it had “sustained a sophisticated cybersecurity attack.” The attack was by a group called Phoenix, which used ransomware known as Phoenix Locker. CNA Financial eventually paid in May to get the data back. While CNA has been tight-lipped on the details of the negotiation and transaction, but says all of its systems have since been fully restored. 

CWT (2020)

On July 31, 2020, US business travel management firm CWT disclosed it had been impacted by a  that infected its systems — and that it had paid the ransom. Using ransomware called Ragnar Locker, the assailants claimed to have stolen sensitive corporate files and knocked 30,000 company computers offline. 

As a service provider to of S&P 500 companies, the data release could have been disastrous for CWT’s business. As such, the company paid the hackers about $4.5 million on July 28, a few days before Reuters the incident. 

University of California at San Francisco (2020)

On June 3, 2020, the University of California at San Francisco that the UCSF School of Medicine’s IT systems had been compromised by a hacking collective called Netwalker on June 1. The medical research institution had been working on a cure for COVID.

Apparently, Netwalker had researched UCFS, hoping to gain insights into its finances. Citing the billions of dollars UCFS reports in annual revenue, Netwalker demanded a $3 million ransom payment. After negotiations, Netwalker the bitcoin equivalent of $1,140,895 to resolve the cyberattack. According to the BBC, Netwalker was also identified as the culprit in at least two other 2020 ransomware attacks targeting universities. 

Travelex (2019)

On New Year’s Eve 2019, London-based foreign currency exchange Travelex was by a ransomware group called Sodinokibi (aka REvil). The attackers made off with 5GB of customer data, including dates of birth, credit card information, and insurance details. Travelex took down its website in 30 countries in an attempt to contain the virus.

In the wake of the ransomware attack, Travelex struggled with customer services. Sodinokibi initially demanded a payment of $6 million (£4.6 million). After negotiations, Travelex paid the cybercriminals  (285 BTC at the time, dark market list roughly £1.6 million) to get its data back.

WannaCry (2017)

In May 2017, a ransomware called infected computers across the globe by exploiting a vulnerability in Windows PCs. The WannaCry vulnerability was revealed during a massive leak of NSA documents and hacking tools engineered by a group called Shadow Brokers in . 

Though the exact number of WannaCry victims remains unknown,  around the world were infected. Victims included Spanish telecommunications company Telefónica and thousands of hospitals in the UK. Computer systems in 150 countries were affected by the attack, with a total estimated loss of around $4 billion globally.

The attackers initially demanded to unlock infected computer systems. The demand was later increased to $600 in bitcoin. However, some researchers claim that no one got their data back, even if they met the demands.

WannaCry attacks to this day. In February 2021, the DOJ  three North Korean computer programmers for their alleged role in the WannaCry outbreak.

Locky (2016)

Discovered in February 2016, Locky is notable due to the incredibly high number of infection attempts it’s made on computer networks. Attacks typically come in the form of an email with an invoice attached from someone claiming to be a company employee. On February 16, 2016 identified more than 50,000 Locky attacks in one day. 

Locky has , but the goal is largely the same: onion dark web market list website Lock computer files to entice owners to pay a ransom in cryptocurrency in exchange for a decryption tool, which would allow users to regain access to their locked files. The majority of Locky victims have been in the US, and , but Canada and France experienced significant infection rates as well. 

TeslaCrypt (2015)

 an earlier program called CryptoLocker, the earliest TeslaCrypt samples were circulated in November 2014 but the ransomware was not widely distributed until March of the following year.

TeslaCrypt initially targeted gamers. After infecting a computer, a pop-up would direct a user to pay a for a decryption key to unlock the infected system. report the requested ransoms ranged from $250 to $1000 in Bitcoin. In May 2016, the developers of TeslaCrypt a master decryption key for affected users to unlock their computers.

CryptoWall (2014)

Widespread reports of computer systems infected from the CryptoWall ransomware emerged in 2014. Infected computers were unable to access files — unless the owner paid for access to a decryption program. impacted systems across the globe. The attackers demanded payment in the form of prepaid cards or bitcoin. CryptoWall caused roughly $18 million in damages, . Multiple versions of CryptoWall were released, with each version making the ransomware more difficult to trace and combat.

CryptoLocker (2013)

The first time much of the world heard the term “ransomware” was during 2013’s outbreak. Discovered early in September 2013, CryptoLocker would cripple more than 250,000 computer systems during the following four months. Victims were instructed to send payments in cryptocurrency or money cards to regain access. The ransomware delivered at least  to its perpetrators. 

A in 2014 succeeded in taking down the Gameover ZeuS botnet, which was a primary distribution method for CryptoLocker. The DOJ indicted Russian hacker Evgeniy Mikhailovich Bogachev, as the botnet’s ringleader. Bogachev is still at large — and the FBI is currently  of up to $3 million for information leading to his arrest and/or conviction. 

AIDS Trojan/PC Cyborg (1989)

Widely considered the template for all subsequent attacks, the AIDS Trojan (aka PC Cyborg) is the  of a ransomware attack. In 1989, more than a decade before the creation of bitcoin, a biologist named Joseph Popp distributed 20,000 floppy disks at the World Health Organization AIDS conference in Stockholm. The floppy disks were labeled “AIDS Information – Introductory Diskettes” and contained a trojan virus that installed itself on MS-DOS systems.

Once the virus was on a computer, it counted the times the computer booted up. Once the computer booted up 90 times, hid all directories and encrypted filenames. An image on the screen from the ‘PC Cyborg Corporation’ directed users to mail $189 to a PO address in Panama. The decryption process was relatively simple, however, and security researchers released a free tool to help victims.

Earlier this month, hundreds of companies from the US to Sweden were entangled in the , a company that offers network infrastructure to businesses around the world.

The Kaseya hack comes on the heels of other headline-grabbing cyberattacks like the  and the . In each instance, criminals had the opportunity to make off with millions — and much of the ransoms were paid in Bitcoin.

“We have to remember the primary reason for creating Bitcoin in the first place was to provide anonymity and secure, trustless and borderless transaction capabilities,” says Keatron Evans, principal security researcher at .

As Bitcoin grows more prominent in darknet markets links around the world, cybercrooks have found a vital tool to help them move illegal assets quickly and pseudonymously. And by all accounts, the attacks are only becoming more common. 

Ransomware on the rise

Ransomware is a cybercrime that involves ransoming personal and business data back to the owner of that data. 

First, a criminal hacks into a private network. The hack is accomplished through various tactics, including phishing, social engineering and preying upon users’ weak passwords.

Once network access is gained, the criminal locks important files within the network using encryption. The owner can’t access the files unless they pay a ransom. Nowadays, cybercriminals tend to request their ransoms in cryptocurrencies.

The FBI  ransomware attacks accounted for at least $144.35 million in Bitcoin ransoms from 2013 to 2019. 

These attacks are scalable and can be highly targeted or broad, ensnaring anyone who happens to click a link or install a particular software program. 

This allows a small team of cybercrooks to ransom data back to organizations of all sizes — and the tools needed to hack into a small business or multinational cooperation are largely the same. 

Private citizens, businesses, and state and national governments have all fallen victim — and many decided to pay ransoms.

Today’s business world depends on computer networks to keep track of administrative and financial data. When that data disappears, it can be impossible for the organization to function properly. This provides a large incentive to pay up. 

Although victims of ransomware attacks are encouraged to report the crime to federal authorities, there’s no US law that says you have to report attacks (). Given this, there’s little authoritative data about the number of attacks or ransom payments. 

However, a recent study from Threatpost  only 20% of victims pay up. Whatever the actual number is, the FBI  against paying ransoms because there’s no guarantee that you’ll get the data back, and paying ransoms creates further incentive for ransomware attacks. 

Why do hackers like cryptocurrency?

Cryptocurrency provides a helpful ransom tool for cybercrooks. Rather than being an aberration or misuse, the ability to make anonymous (or pseudonymous) transfers is a  of cryptocurrency. 

“Bitcoin can be acquired fairly easily. It’s decentralized and readily 

available in almost any country,” says Koen Maris, darkmarket list a cybersecurity expert and advisory board member at IOTA Foundation.

Different cryptocurrencies feature different levels of anonymity. Some cryptocurrencies, like Monero and Zcash, specialize in confidentiality and may even provide a higher level of security than Bitcoin for cybercriminals. 

That’s because Bitcoin isn’t truly anonymous — it’s pseudonymous. Through careful detective work and analysis, it appears possible to trace and recoup Bitcoin used for ransoms, darknet sites as the FBI  after the Colonial Pipeline hack. So Bitcoin isn’t necessarily used by ransomers simply because of security features. Bitcoin transfers are also fast, irreversible and easily verifiable. Once a ransomware victim has agreed to pay, the criminal can watch the transfer go through on the public blockchain. 

After the ransom is sent, it’s usually gone forever. Then crooks can either exchange the Bitcoin for another currency — crypto or fiat — or transfer the Bitcoin to another wallet for safekeeping. 

While it’s not clear exactly when or how Bitcoin became associated with ransomware, hackers, cybercrooks, and crypto-enthusiasts are all computer-savvy subcultures with a natural affinity for new tech, and Bitcoin was adopted for illicit activities online soon after its creation. One of Bitcoin’s first popular uses was currency for transactions on the dark market list web. The  was among the early marketplaces that accepted Bitcoin.

Financial impact

Ransomware is big business. Cybercriminals made off just under $350 million worth of cryptocurrency in ransomware attacks last year, . That’s an increase of over 300% in the amount of ransom payments from the year before. 

The COVID-19 pandemic set the stage for a surge in ransomware attacks. With vast tracts of the global workforce moving out of well-fortified corporate IT environments into home offices, cybercriminals had more surface area to attack than ever.

According to , the organizational changes needed to accommodate remote work opened up more businesses for cybercrime exploits, with Coalition’s policyholders reporting a 35% increase in funds transfer fraud and social engineering claims since the beginning of the pandemic.

It’s not just the number of attacks that is increasing, but the stakes, darknet market marketplace too. A  from Palo Alto Networks estimates that the average ransom paid in 2020 was over $300,000 — a year-over-year increase of more than 170%.

When an organization falls prey to cybercrime, the ransom is only one component of the financial cost. There are also remediation expenses — including lost orders, business downtime, consulting fees, and other unplanned expenses. 

The  report from Sophos found that the total cost of remediating a ransomware attack for a business averaged $1.85 million in 2021, up from $761,000 in 2020. 

Many companies now buy cyber insurance for financial protection. But as ransomware insurance claims increase, the insurance industry is also dealing with the fallout.

Globally, the price of cyber insurance has , according to a new report from Howden, an international insurance broker. The increase is likely due to the growing cost these attacks cause for insurance providers. 

A cyber insurance policy generally covers a business’s liability from a data breach, such as expenses (i.e., ransom payments) and legal fees. Some policies may also help with contacting the businesses customers who were affected by the breach and repairing damaged computer systems. 

Cyber insurance payouts now account for  of all premiums collected, which is the break-even point for the providers. 

“We noticed cyber insurers are paying ransom on behalf of their customers. That looks like a bad idea to me, as it will only lead to more ransom attacks,” says Maris. “Having said that, I fully understand the argument: the company either pays or it goes out of business. Only time will tell whether investing in ransom payments rather than in appropriate cybersecurity is a viable survival strategy.”

Early adopters

The AIDS Trojan, or PC Cyborg Trojan, is the first known ransomware attack. 

The attack began in 1989 when an AIDS researcher distributed thousands of copies of a floppy disk containing malware. When people used the floppy disk, it encrypted the computer’s files with a message that demanded a payment sent to a PO Box in Panama. 

Bitcoin wouldn’t come along until almost two decades later. 

In 2009, Bitcoin’s mysterious founder, Satoshi Nakamoto, created the blockchain network by mining the first block in the chain — the genesis block. 

Bitcoin was quickly adopted as the go-to currency for the dark market 2024 web. While it’s unclear exactly when Bitcoin became popular in ransomware attacks, the 2013 CryptoLocker attack definitely put Bitcoin in the spotlight. 

CryptoLocker infected more than 250,000 computers over a few months. The criminals made off with about $3 million in Bitcoin and pre-paid vouchers. It took an internationally coordinated operation to take the ransomware offline in 2014.

Since then, Bitcoin has moved closer to the mainstream, and ransomware attacks have become much easier to carry out.

Early ransomware attackers generally had to develop malware programs themselves. Nowadays, ransomware can be bought as a service, just like other software. 

Ransomware-as-a-service allows criminals with little technical know-how to “rent” ransomware from a provider, which can be quickly employed against victims. Then if the job succeeds, the ransomware provider gets a cut. 

Future legislation

In light of the recent high-profile ransomware attacks, calls for new legislation are growing louder in Washington.

President Joe Biden issued an  in May “on improving the nation’s cybersecurity.” The order is geared toward strengthening the federal government’s response to cybercrime, and it looks like more legislation is on the way.

The  was recently introduced by a bipartisan group of senators. The bill aims to ramp up penalties for cyberattacks that impact critical infrastructure, so the Justice Department would have an easier time charging criminals in foreign countries under the new act.

States are also taking their own stands against cybercrime:  have proposed legislation to outlaw ransomware payments. North Carolina, Pennsylvania, and Texas are all considering new laws that would outlaw taxpayer money from being used in ransom payments. New York’s law goes a step further and could outright ban private businesses from paying cybercrime ransoms. 

“I think the concept of what cryptocurrency is and how it works is something that most legislative bodies worldwide struggle with understanding,” says Evans. “It’s difficult to legislate what we don’t really understand.”

This is part of our  about how innovators are thinking up new ways to make you — and the world around you — smarter. 

---

“Are you a hacker?”

A Las Vegas driver asks me this after I tell him I’m headed to Defcon at Caesars Palace. I wonder if his sweat isn’t just from the 110℉ heat blasting the city.

All week, a cloud of paranoia looms over Las Vegas, as hackers from around the world swarm Sin City for Black Hat and Defcon, two back-to-back cybersecurity conferences taking place in the last week of July. At Caesars Palace, where Defcon is celebrating its 25th anniversary, the UPS store posts a sign telling guests it won’t accept printing requests from USB thumb drives. You can’t be too careful with all those hackers in town.

Everywhere I walk I see hackers — in tin-foiled fedoras, wearing . Mike Spicer, a security researcher, carries a 4-foot-high backpack holding a “Wi-Fi cactus.” Think wires, antennas, colored lights and 25 Wi-Fi scanners that, in seven hours, captured 75 gigabytes of data from anyone foolish enough to use public Wi-Fi. I see a woman thank him for holding the door open for her, all while his backpack sniffs for unencrypted passwords and personal information it can grab literally out of thin air.

You’d think that, with all the potential threats literally walking about town, Vegas’ director of technology and innovation, Mike Sherwood, dark web marketplaces would be stressed out. It’s his job to protect thousands of smart sensors around the city that could jam traffic, blast water through pipes or cause a blackout if anything goes haywire.

And yet he’s sitting right in front of me at Black Hat, smiling.

His entire three-person team, in fact, is at Black Hat so they can learn how to stave off future attacks. Machine learning is guarding Las Vegas’ network for them.

Broadly speaking, artificial intelligence refers to machines carrying out jobs that we would consider smart. Machine learning is a subset of AI in which computers learn and adapt for themselves.

Now a number of cybersecurity companies are turning to machine learning in an attempt to stay one step ahead of professionals working to steal industrial secrets, disrupt national infrastructures, hold computer networks for ransom and even influence elections. Las Vegas, which relies on machine learning to keep the bad guys out, offers a glimpse into a future when more of us will turn to our AI overlords for protection.

US guns make up as much as 60 percent of the weapons on sale on the dark web, new research has found.

Weapons, drugs and stolen identities are readily available on the dark web, a . To investigate where guns, ammunition and guides to their use come from, the UK’s University of Manchester and think tank Rand Europe — or darknet market darknet markets onion 2024 cryptomarkets — and darknet sites found 811 listings relevant to the study, published Wednesday.

Most weapons were from the USA, where , dark darknet market list and most sales were destined for Europe. A gun bought from the dark web was used in a .

“The dark web is both an enabler for the trade of illegal weapons already on the black darknet market and a potential source of diversion for weapons legally owned”, said Giacomo Persi Paoli, the report’s lead author. “The ability for criminals and terrorists, as well as vulnerable or fixated individuals, to make virtually anonymous purchases is perhaps the most dangerous aspect.”

On Thursday, US and European law enforcement agencies the , two of the three largest dark web markets.