Once it passed to the criminals, it is very difficult to claw it back. However, the reality is quite the opposite. While cryptocurrency allows ransom payments at the speed of the internet, making it attractive to illicit actors, the blockchain — the open ledger on which crypto lives and moves — allows law enforcement to track and trace the flow of funds in real time, providing unprecedented visibility on financial flows.
For example, in the Colonial Pipeline attack, law enforcement was able to track and ultimately seize the ransom payment. That recovery was possible only because cryptocurrency was the medium of payment. In other words, cryptocurrencies, far from being anonymous, allow law enforcement and regulators visibility on financial transactions in real time.
Linkedin As Ethereum ETH continues to soar in its market price , cybercriminals are quick to jump in on new opportunities to make a profit. A new variant of the HC7 Planetary ransomware appears to be the first ransomware to accept the Ether cryptocurrency as ransom payment. The HC7 Planetary variant is distributed via hacking into networks using remote desktop.
Once the malicious actor hacks into the network, the ransomware is manually installed on all machines that can be accessed. The ransomware, which is currently in the wild, encrypts files and appends them with a. Figure 1.
HC7 Planetary ransomware ransom note via bleepingcomputer. In December , security researchers discussed how HC7 -encrypted files can be decrypted by performing memory forensics on a victim's machine in order to retrieve the password used on the command line when the ransomware was installed.
Where ncaa ncaa basketball tournament commit
LAZIO VS PALERMO BETTING EXPERT FOOTBALL
According to the Justice Department, the defendants targeted vulnerable computers and instilled ransomware, preventing victims from gaining access. Consequently, the hackers asked victims to pay a ransom in Bitcoin to gain access or risk losing important data. Another pair of Iranians also based in Iran, Ali Khorashadizadeh and Mohammad Ghorbaniyan, was responsible for converting the ransom Bitcoin payments into the Iranian riyal. The U. Treasury noted that over 7, Bitcoin transactions were trailed to the cryptocurrency addresses of both men.
Sigal Mandelker, Treasury under-secretary for terrorism and financial intelligence, said that the department is focusing on Iranian hackers who are out to extort victims. Mandelker also warned cryptocurrency exchanges and P2P exchangers to increase security as Iranians are desperate to get US dollars. The indictment charges, however, did not state that Savandi and Mansouri acted on behalf of the Iranian government. State Sponsored Cryptocurrency Cybercrime Countries like North Korea are notorious for carrying out cyber-attacks on some cryptocurrency exchanges.
A North Korean hacker group known as Lazarus, is well-known for its numerous attacks on virtual currency exchanges and fintech companies. Example of what a Planetary Encrypted Folder Looks Like As the ransomware is manually installed and typically cleaned up by the developer afterwards, finding a sample is not easy.
Bleeping Computer only learned about this variant because a victim reached out to us for help. When infected, the developers allow a victim to decrypt a single machine for a set price or the entire network for another price. In the past, a method to decrypt HC7 encrypted files was discovered by performing memory forensics on a victim's computer in order to retrieve the password used on the command line when the ransomware was installed. The change of success using this method, though, diminishes the longer the computer is in use and no longer works at all if the computer has been rebooted.
Related Articles:.
