Tracking ransomware end-to-end (acolyer.org)
22 points by godelmachine on March 23, 2018 | 9 comments


Interesting how the whole money system that bitcoin tried to fight against is completely recreated in bitcoin. There are centralized banks, just they are called exchanges. Most people hold their money there. And apparently money laundering is also making a comeback as bitcoin mixer agencies.

If these mixers really succeed for 5 or so years at what they are doing, I guess bitcoin might have a chance after all.


Last paragraph...

This introduces a unique ethical issue. We must consider the impact on victims before taking down ransomware infrastructure.

...if every victim did not pay or was prevented from paying, the scale of the problem would likely decrease; however this would mean that some individuals would incur additional harm by not being able to recover their files.

Well, no. You take it down immediately so new victims aren't added.

It would be nice if you could provide the uncrypt key for the current victims, but explain to the hospital that's shut down by these assholes how you could have prevented it but we're waiting for current victims' bitcoins to clear the exchange.

Oh, and go full ISIS on the people running the ransomware.


Intervention strategies for ransomware are different from conventional malware. In particular, the victims of conventional malware benefit from any takedowns; as the malware is removed, they might see fewer ads or experience faster computers. On the other hand, taking down ransomware incurs collateral damages. To many victims, unfortunately, the only way out of their current situation is to pay. As such, intervention strategies need to focus on how to prevent people from being infected in the first place (e.g., education or improved IDS).


What if the hospital is the one who was already hit and was about to pay because they are desperate to get back up and running?


At what point do you stop the madness?

What if more hospitals fall victim while we're waiting for the one hospital to pay?

And when do we go Full ISIS (tm) on scum who hold hospitals hostage?


The madness won't stop until people learn to not click random attachments if you ask me...

The problem isn't per se ransomware, the problem is people not knowing better than to click anything and everything they see, or am I mistaken?


Nice writeup! I have always been interested in how ransomware works and to what extent the transactions can be backtraced. It still surprises me that these attackers seemingly are unaware to what extent bitcoin blockchain transactions can be traced. It certainly took them long enough to make the switch to Monero.


That Locky simply moved 40% of their revenue into BTC-e (Figure 8), without going through mixers, is likely just bad op-sec.


Tracking ransomware payments...



