With crypto currency, the cyber criminals open one or several digital wallets at one of the crypto currency exchanges online, such as Blockchain Luxembourg, and then they can start accepting ransom payments from their victims using coins.
The crypto currency can later on either be used directly to purchase goods online at merchants that accept it as a payment method, or can be transferred to currency mixers to launder the funds before being withdrawn in hard cash or used online.
Indeed, crypto currency brought about an important advantage to cyber criminals: anonymity. But this anonymity is not absolute. In the case of Bitcoin, for example, the first major crypto currency to take the world stage with ransomware, anyone can see what transactions took place and how much currency is available for any valid wallet ID. For example, entering a particular (randomly chosen) wallet ID at https://blockchain.info/address/<wallet_address> would give the following information:
This particular wallet contains about $ 2.1 million worth of Bitcoins. A click away, one can find all the transactions involving this wallet:
Nonetheless, with all this visibility, tracking the owner of a wallet is very difficult.
But at the same time, most people had never heard of Bitcoins or crypto currency in general. This created a situation where the cyber criminals had to educate victims on this method of payment and hold their hands to purchase Bitcoins and transfer them.
With this newly found method of collecting ransom payments, ransomware flourished. According to research in some internet security reports, ransomware collected about $1 billion in 2016 alone. Locky ransomware, a very successful campaign in 2016 that was distributed via spam email, took in more than $150 million spread among just three digital wallets. Cryptowall was second with $100 million. CryptXXX reportedly collected about $70 million. Cerber is yet another very successful family that collected more than $50 in just the second half of 2016 and moved on to become a Ransomware as a Service (RaaS) that other cyber criminals who are less tech-savvy can leverage and distribute.
As for ransom amounts, they have been steadily creeping up. From an average of $300 per ransom in 2015, we could see over $1,000 in 2016. And with attacks becoming more sophisticated and targeting hospitals and other critical infrastructure, demands for ransoms reached very high amounts.