Back to Spotlight

Bitcoin has become the currency of choice in the cyber-crime industry. It seems that cryptocurrencies are fuelling the ransomware pandemic. In 2020, companies paid more than $400m worth of Bitcoin in ransom to recover access to their data.


But what makes Bitcoin so attractive for criminals?



  • First, let’s look at “real money”, the value of goods, and supply and demand. The value of an object in our real world is determined by its ascribed worth to a potential buyer. The author writes: “A Rembrandt portrait would be only so much firewood, but for the greatly esteemed skills of the artist.”
  • To pay for these objects, we rely on national currencies, often called “fiat currencies”. These bank notes and coins have marginal inherent value (they are in essence a worthless piece of paper), but we believe they have value because they are issued by governments
  • Unlike fiat currencies, Bitcoin isn’t linked to a national economy, because it does not rely on a centralised command and control structure. Because its value is based exclusively on supply-and-demand, Bitcoins fluctuate heavily
  • But what makes Bitcoin so attractive for cyber criminals?
  • First, they allow near-untraceable financial transactions because they evade regulation and anti-money-laundry principles. Attackers can demand ransoms in Bitcoin without having to fear being detected and arrested based on monetary flows
  • Second, concealing monetary flows is staggeringly easy with the use of cryptocurrencies, compared to traditional bank transfers


Why does this matter for cybersecurity and businesses?

  • In theory, all of this should not matter for businesses, because they shouldn’t be in a position to having to transfer Bitcoin in order to get their data back. But because more and more businesses have to deal with ransom demands, it does matter.
  • Ideally, instead of figuring out how to pay a ransom in the case of an attack, organisations should proactively adopt strategies that prevent ransomware attacks or accelerate recovery when they do occur – without needing to make a payment. 


Read the full article here