Insult to Injury: Ransomware and BitcoinJuly 21, 2016
In previous blogs, we’ve told you about the ransomware scourge that’s sweeping the Internet and given some suggestions about when to pay or not pay. You might think that once you make the pay decision, life would be simple again. The problem is that you can’t just give the ransomers your credit card number. (Nor would you want to. They are thieves, remember?) They want to be paid in bitcoin, and that is easier said than done. So in case you find yourself facing down a ransom screen, here’s the skinny on this cyber currency.
You’re probably familiar with PayPal, which allows people to transfer regular money conveniently on the web. When you pay with PayPal, the amount is either deducted from your PayPal balance or it will show up on your bank or credit card statement at the end of the month, depending how your account is set up.
Bitcoin, in contrast, is not a payment mechanism. It is virtual currency, which means its value fluctuates against the American dollar, just like the euro or the Canadian dollar does. So you have to pay dollars for bitcoin at the going rate, just as if you were changing money in another country, and then deliver those bitcoins to the ransomers. But you also have to buy more bitcoin than you think you need because if the value of the bitcoin drops before you can make the payment, you’ll come up short.
Buying bitcoin is risky in itself because you have to expose personal financial information to do it. A few places have Bitcoin ATMs where you can buy the coins in cash. If you have the option, do that. Otherwise, you’ll have go to an online Bitcoin exchange such as Coinbase. The exchange will require you to supply a bank account or debit card number to fund the transaction, which creates an immediate risk because Bitcoin exchanges are notorious for having data breaches. The last thing you want is hackers getting away with your bank account numbers, so if you have to buy bitcoin for a ransom, set up a new bank account to hold the payment funds and close the account immediately afterward.
OK, but then you can pay and your files will be released and everything will be OK, right? Well, hope springs eternal. As we mentioned in an earlier blog, there’s a fair chance the ransomers will release your computer and files. If they do, your next thought should be how to back up your computers. And if you’ve never dealt with ransomware, lucky you. Start regular backups now and you may never have to fear ransomers or worry about bitcoin. We’ll talk about backups in our next ransomware blog.