Ransomware & Bitcoin

Of all the various types of cyber-attacks, one of the most common and serious is ransomware. In a ransomware attack, an attacker locks an organization’s data with encryption and keeps it locked until the ransom is paid. Over time, these attacks have increased in both number and severity. In fact, the average ransomware payment during the first half of 2020 increased by 60%. Most of these payments were made in Bitcoin; roughly 98% of them, to be exact.

Many people look at the name of this attack strategy and believe that it is all the explanation they need. “Ransomware? And it involves holding data ransom until the demands are met? That isn’t too hard to understand.” Indeed it is not, if you don’t go beyond the name and a basic outline of what it entails. However, throwing cryptocurrency into the mix adds some intricacy to the concept. With that in mind, one also has to wonder why ransomware so frequently targets Bitcoin.

Explaining this type of malware

‘Ransomware’ is a popular tactic of cyber-extortion. It uses malicious software to take control of a user’s computer system and hold it hostage until the user pays a ransom. The attackers typically demand the ransom in the form of cryptocurrency, like Bitcoin. The reason boils down to its anonymity and the way it simplifies online payments. The malicious software locks the user’s computer for a specific period. After this, either the ransom price increases or the user’s data is completely destroyed.

Simpler kinds of ransomware may only lock the system, in a way that a knowledgeable person can easily reverse. More complex malware, however, uses the ‘cryptoviral extortion’ technique. It encrypts the victim’s files, rendering them inaccessible, and the attackers then demand a ransom payment to decrypt them. A properly implemented cryptoviral extortion attack makes file recovery without the decryption key an intractable problem. Moreover, the digital currencies used for ransom (like a paysafecard or Bitcoin and other cryptocurrencies) are difficult to trace, which also makes it difficult to track and prosecute the perpetrators.

Cyber-attacks such as denial-of-service (DoS) may be performed for fun or to make a statement. Other attackers prevent a business from accessing its computers and demand bitcoin as payment. Only by paying the attackers can the business regain access to its system. This shady method of making a profit is achievable with ransomware, which itself is a type of DoS attack.

In a DoS attack, the cyber-attackers normally use one Internet connection and one device. With this, they send fast and continuous requests to a targeted server to overload its bandwidth. DoS attackers take advantage of a vulnerability in the system and exhaust the RAM or CPU of the server. The loss of service caused by a DoS attack can be repaired in a short time, though, by implementing a firewall that contains allow and deny rules.

A DoS attack comes from only one IP address, so it is easy to pick out and block with a firewall. Nevertheless, there is one kind of DoS attack that is very difficult to detect: a distributed denial-of-service (DDoS) attack. Many people believe that the standard DoS attack and the DDoS attack are interchangeable, but that is a common misconception. They are actually quite different.

A DDoS attack uses an assortment of infected devices and connections, spread on a worldwide scale, as a botnet. A botnet is a network of personal devices that cybercriminals have infiltrated without the knowledge of the devices’ owners. The purpose of a DDoS attack is different from that of most other cyber-attacks, which aim to steal sensitive information. DDoS attacks are launched to make websites inaccessible to their users. However, some DDoS attacks act as a facade for other malicious activities.
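The difference between the two attack shapes shows up directly in per-source request counting, the logic behind a firewall deny rule. The following is an added example, not part of the original article; the window, the limit and the traffic (documentation-range addresses) are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 10      # assumed sliding window, in seconds
PER_IP_LIMIT = 50  # assumed maximum requests per source per window


def deny_candidates(events, window=WINDOW_S, limit=PER_IP_LIMIT):
    """Return source IPs that exceed `limit` requests in any `window` seconds.

    `events` is an iterable of (unix_time, source_ip) sorted by time.
    """
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = set()
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:   # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


def peak_load(events, window=WINDOW_S):
    """Highest number of requests, all sources combined, in any window."""
    q, peak = deque(), 0
    for ts, _ in events:
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


# Constructed baseline: one request per second from 20 rotating clients.
normal = [(t, f"192.0.2.{t % 20 + 1}") for t in range(60)]
# Single-source flood: one address sends 500 requests in 5 seconds.
dos = sorted(normal + [(30 + i / 100, "198.51.100.7") for i in range(500)])
# Distributed flood: the same 500 requests spread over 250 addresses.
ddos = sorted(normal + [(30 + i / 100, f"203.0.113.{i % 250 + 1}")
                        for i in range(500)])

if __name__ == "__main__":
    for name, ev in (("dos", dos), ("ddos", ddos)):
        print(name, "peak load:", peak_load(ev),
              "deny:", sorted(deny_candidates(ev)))
```

Both floods put the same peak load on the server, but only the single-source one yields an address to deny; the distributed one stays under every per-source limit and has to be caught from the aggregate load instead.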

Why does it mainly target Bitcoin?

There are three reasons why ransomware fixates on Bitcoin: speed, anonymity, and access.

Bitcoin, much like other cryptocurrencies, gives cybercriminals the ability to obtain funds with abundant anonymity. This is what makes the transactions incredibly hard to track. On the dark web, Bitcoin gradually gained notoriety as the common currency of this part of the Internet. Even today, it remains popular there. Many deem it the essential cryptocurrency because it is easy to acquire and use. This in turn makes those with malicious intent believe that victims will be more likely to pay.

Now and then, cyber-attackers demand other cryptocurrencies, such as Zcash and Monero. These digital currencies have additional privacy features that make payees difficult to track. However, they are the exceptions to the rule.
