Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019.
Based on the company’s data, among last year’s top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker (disrupted by authorities), Conti, and REvil (aka Sodinokibi).
Ransomware is now an established worldwide business.
Slashdot thread.
supersaurus • February 11, 2021 2:05 PM
@clive
you are awesome. that single comment contributed more to my understanding of crypto-insanity than reams of stuff I’ve read or started to read elsewhere.
JonKnowsNothing • February 11, 2021 3:09 PM
@Clive @All
re: Crypto Currency Viability
iirc(badly) A long time back, there was an analysis of the cost of producing Crypto Currencies both in Hardware, Time and Energy. The power consumption costs rise as more powerful servers are used. It’s one reason why Crypto Miners off load the power consumption onto Someone Else so they don’t have to pay for it and they don’t put out a power over usage signal.
NSA’s Bluffdale Data Center was situated so that it could grab 90+% of the power output of a nearby generation utility system for their supercomputers.
As Crypto Mining increases, so does the power demand. At some point the power drain will exceed the ability of local power generation sources. Unless someone has built a Crypto Mining Platform run 100% on Solar-Wind, the power supply consumption issue will create more problems.
In California, we already have blackout, brownout and full shutoff days due to power generation and weather conditions. Other states and countries are also finding power consumption to be a serious problem.
ht tps://en.wikipedia.org/wiki/Utah_Data_Center
The completed facility is expected to require 65 megawatts of electricity, costing about $40 million per year. The facility is expected to use 1.7 million gallons (6,435 m3) of water per day.
vas pup • February 11, 2021 5:20 PM
Related to tag: Crime
Milan’s ‘acrobat thieves’ use Instagram tags ‘to rob rich and famous’
https://www.bbc.com/news/world-europe-56031381
“A group of robbers in Milan known as the “acrobat thieves” monitored the Instagram pages of the city’s rich and famous in order to ransack their homes, prosecutors have revealed.
The group examined celebrities’ photos to find entry points, using tagged locations to find out where they lived and when they would be out.
Footage released by officials shows the robbers scaling apartment buildings.”
Mark McCutcheon • February 11, 2021 7:17 PM
@Clive Robinson,
Perhaps I’m missing your point, but to my understanding, the finite number of bitcoins possible to mint (in current forks approx. 21M) is really irrelevant to issues of supply and demand. The currency is actually traded in satoshis, units of 10^-8 bitcoins, and if that should ever prove insufficient in number, it’s always possible to fork the algorithms and go to a smaller division. As bitcoin valuation continues to increase (if indeed it does), those who started early and have significant stores of the currency will undoubtedly monetize it into actually useful fiat currencies and free up more of the existing stock for “investment”.
Plus, of course, bitcoin is far from the only cryptocurrency available.
xcv • February 11, 2021 11:01 PM
Ransomware is now an established worldwide business
The technicalities of how ransomware works are one thing from a cryptography and computer security perspective — but we “non-experts” have to fit it into “the usual” political framework of vice, extortion, blackmail, kidnapping, murder-for-hire, and similar crimes — and assess the complicity of local everyday working cops on the beat in serious organized crime and the extent to which police stations and law enforcement intelligence community “fusion centers” among other law enforcement assets and resources have been infiltrated and co-opted by social networks of highly organized crime and criminal activity, to wit, “thieves in law” or воры в законе; although one might better say “thieves within the law” to better distinguish them from “in-law” family members.
I was at the post office today, mailed off a complaint of police misconduct, vice, and serious crime. Two hours later I returned to the post office to inquire about tracking the shipment of the letter, was met by another customer slinging a gun — he started going for his gun, and I left the post office immediately. I went back online to track it, discovered it had gone out with the mail already, too late for that local law dude to rob the post office and hold up the employees for the letter. Then later at night I noticed a car, a black SUV with dark smoked glass windows cruising down my driveway in my neighborhood. Found somewhere else to sleep.
Last time I mailed a criminal complaint, I was hustled at the post office by the local city attorney, a perfect “gentleman” dressed to the nines for court, tried to grab the letter from me while I was standing in line before I was able to ship it off.
These small town law people got too much local $#!+ to hide, girl or two picked up by a momma cop for prostitution, something like that, and the dude cops are struggling to zip up their pants for court, seeing as how Valentine’s Day is approaching, perfect opportunity for arranged accidents and premeditated heart attacks etc., and they’re desperate to keep that $#!+ local, but they’ve got too many political connections outside, and it’s gotta come out in court sooner or later who’s paying these professional goons to make such asses of themselves.
SpaceLifeForm • February 11, 2021 11:49 PM
@ Clive
I’m smelling crypto-dots. A lot to consider. But consider the locations.
Both Nevada and Florida have no state income tax. And a great way to launder money is to lose it at a casino. Someone near Miami may like.
hx tps://decrypt.co/56823/nevada-may-give-government-power-to-tech-crypto-firms
hx tps://www.newsweek.com/miami-passes-resolution-allow-paying-city-workers-bitcoin-attempt-woo-big-tech-1568784
ht xps://www.prnewswire.com/news-releases/koch-real-estate-investments-acquires-title-to-75-complete-hotel–casino-resort-in-las-vegas-301227226.html
Patriot • February 11, 2021 11:51 PM
Is there an international police body that fights cyber-related crime?
If there is, they all need to be fired. If there isn’t, then it needs to be created.
The West is largely a big sitting duck. One wonders when people will care enough to stop it.
xcv • February 12, 2021 12:23 AM
@ Patriot
Is there an international police body that fights cyber-related crime?
If there is, they all need to be fired. If there isn’t, then it needs to be created
That’s a lot of cops to fire. Some of them, inevitably, are going to fire back.
The West is largely a big sitting duck. One wonders when people will care enough to stop it.
Guns are banned, and we’re sitting ducks to deep state political apparatchiks. They want to stop our way of life of freedom, individual rights, and private property, of course.
How are “we” going to stop “them?” Can we assume or at least take it at face value for what it is that people who call themselves “patriots” are on our side to promote and preserve such ideals?
That remains to be seen.
SpaceLifeForm • February 13, 2021 11:36 AM
@ Clive
Recall that one can decrypt what looks like garbage into better smelling garbage.
Here, the ransomware op gave out the wrong key.
This is why you have backups, and well tested backup and recovery procedures.
h xxps://www.twitter.com/demonslay335/status/1360396124901752832
Clive Robinson • February 13, 2021 6:47 PM
@ SpaceLifeForm,
Here, the ransomware op gave out the wrong key.
Which is a bit silly of them.
Part of them getting paid is their reputation, after all if the story gets about that “Ransomware attacker XXXX” does not give the “recovery key when payed”… Why bother paying them.
So yes the “suggestions” might just get taken up by ransomware attackers just to ensure their reputation remains good.
As for,
This is why you have backups, and well tested backup and recovery procedures.
The problem as I’ve mentioned before is “testing” most do not have a clue how to do it properly, and in other cases the resources to do it…
Sometimes you might be better off with a USB thumb drive, providing of course you have a way to test it first…
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Clive Robinson • February 10, 2021 11:08 AM
@ Bruce,
I’ll be honest and say, I’m surprised it’s only “$350 million” that’s still tiny compared to say “Payment Fraud” (Credit/Debit card etc) which was estimated to be last year about 32.5 billion, but as that was increasing due to COVID might be higher when all the figures are in.
The fact that this was just crypto currency payment makes an interesting side issue.
As crypto-coins are deliberately limited in the number that can be mined/minted as crime –that uses them as a form of anonymity– rises supply will become more limited in the face of demand.
So apart from the fact that a good case could be made that those who mine and exchange cryptocoins are “living on criminal proceeds”, the basic law of supply and demand would push the price up so the investors would also be likewise living on criminal proceeds…
But the more interesting thing is that as the demand rises the likes of investors hording cryptocoins further reduces supply and you start heading for a “Black Tulip Bulb Market”
That is the demand creates a percentage increase in demand by speculators which is a basic exponential rise.
However as the supply of coin starts to limit a secondary effct of resorce restriction applies.
Thus you end up with a restricted resource population rise effect which is another exponential curve but this time to a limit (see logistic, sigmoid curve or more correctly) a smoothed response to a Hammarad Step function.
But at some point above y=0.5 which is the point of fastest rise investors will start to want to get their money out of what is now a hot “potato game” which will cause an exponential decay that is in effect a run on the investment…
Thus you in effect get an inverse step function that is again smoothed.
This “boom and crash” cycle will at some point start again as long as crime carries on using crypto coin for it’s anonymity. What would otherwise appear to be a smoothed irregular squarewave will actually have a multiplication or lift factor, which will be another much slower exponential rise as long as the underlying demand of crime persists.
So,
1, Crime demand.
2, Speculative investment.
Will cause a chaotic oscillation effect which as long as the crypto coin resource remains of finite size will not stop.
But if you introduce a second or more cryptocoin system the problem will still tend to converge on the first cryptocoin system due to investors.
Some investors will be wise enough to get their coins out of the primary system just before it starts to enter the hot potato / run phase, and thus start pushing up another coin system. Which as it rises will attract across other investors…
You thus end up with two or more loosly locked chaotic oscillators which will behave in as an unpredictable way as a those cute jointed pendulums.
Such chsotic behaviour attracts power investors who will then try to manipulate the market.
This could give rise to a new form of High Frequency Trading and as a consequence spread out the instability into the macro markets…
There is of course another way to partianly limir this which is the old,
“Refuse to pay ransom”
Thus I suspect new legislation will come along…
Interesting times for those young enough not to care how much their rump gets exposed as they fly about.