In the good old days, any hustler with a little ambition could count on the ancient ritual of shaking down local merchants for protection money to earn a living.
And even though it’s been a few decades since the Kray Brothers ran a good chunk of London as if it were a personal fiefdom, the protection racket trade still accounts for a decent slice of the employment pie in many other parts of the world.
In the city of Palermo, for example, approximately 80% of local merchants pay the Mafia to… Well, let’s just say that they make sure that nothing bad happens.
Today, however, the Old World shakedown has gone online.
For Kensington Wine Market owner Andrew Ferguson, the choice of whether or not to pay $500 “in bitcoin” in exchange for the unlocking of his Calgary shop’s data was a no-brainer.
“I know there’s this concept that you don’t negotiate with ‘terrorists’ in situations like this,” Ferguson told the CBC. “But paying $500 [bitcoin] in this instance was a much smaller price than if we’d have the uncertainty of having months of not having all of our data.”
So Ferguson sent his IT guy “to go out for us and purchase bitcoins” in order to get his database unfrozen in advance of the busy holiday season, and now estimates that he’ll pay an additional $5,000-$6,000 to a local “software and I.T. company” to clean up the mess.
There was no question of reporting the extortion to Calgary police “because he didn’t want to be told not to pay the hackers.”
Online extortion demanding bitcoin for ransom is an exploding growth industry, attracting a new generation of tech blackmailers targeting everyone from the financial industry and the corporate world to police departments and governments to mom-and-pop shops and private citizens.
Krebs on Security refers to 2014 as “the year extortion went mainstream”, detailing a wave of DDoS attacks, database lockdowns, and plain old letters in the mail demanding bitcoin from bewildered business owners and their IT staff in exchange for a quiet life.
“From the fraudster’s perspective, the cost of these attacks is a stamp and an envelope,” Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, told Krebs. “This type of attack could be fairly effective. Some businesses — particularly restaurant establishments — are very concerned about negative publicity and reviews. Bad Yelp reviews, tip-offs to the health inspector. That stuff works and isn’t hard to do.”
After the Ashley Madison hack, a group called Salted Hash reaped over $20,000 U.S. from the adulterous dating site’s ex-clients, sending out a demand for one bitcoin to everyone on the leaked list.
Extortionists often ask for the “tribute price” of 1 bitcoin, approximately $580 Cdn., as in the case of Kensington Wine Market.
Krebs reported in 2014 that the criminal infrastructure responsible for spreading a ransomware called Cryptolocker took in more than $27 million from victims who paid in order to regain control over their encrypted files.
Of course, a business owner could always stand up to the extortionists and refuse to pay.
But he or she would only do that knowing that the IT staff had a full data back-up, and that the system could be up and running again after an attack, with no fear of the extortionists doing harm in some other way, like taking down the website.
But if you don’t have a back-up, or if your back-up gets encrypted along with everything else, paying the ransom is definitely the path of least resistance.
We like to think that here in Canada, we’ve effectively left the corrupt customs of the Old World back across the sea where they belong.
But stories like Andrew Ferguson’s are now common and growing in both frequency and scale.
A recent episode of WNYC’s Radiolab tells the story of a middle-aged Russian-American woman who suddenly finds her computer unusable, at which point she receives a message from the hackers.
“All of your files have been protected with a strong encryption, using Cryptowall,” write the extortionists. “This means that the structure and data within your files have been irrevocably changed. To unlock files, you must pay $500 U.S. If you really value your data, then we suggest that you do not waste valuable time searching for the solutions, because they do not exist.”
Cryptowall, which began making the rounds “even as the ink was still drying on the press releases” trumpeting the FBI’s takedown of Cryptolocker, is the new version of Cryptolocker.
The Radiolab episode paints a picture of a typical cyber-extortionist: “Ivan, in a cubicle, at his computer, bored, he has a meeting later with Judy in HR, and he’s mad about it.”
After the July 15, 2015 FBI takedown of Darkode, which saw the arrest of 28 people at the end of an 18-month collaborative investigation with law enforcement in 19 countries, Darkode was back online within two weeks.
The FBI’s advice to anyone hit by a Cryptowall attack today: “Just pay the ransom.”