How Cryptocurrency Gave Birth to the Ransomware Epidemic

This article is a writeup of the sixth episode of CRYPTOLAND, Motherboard’s documentary series about how cryptocurrency is affecting culture, politics, the environment, and our shared future. Watch it on Motherboard’s YouTube.

Ransomware has become an epidemic on the internet, targeting businesses, government agencies, hospitals, and schools, with hackers attempting to extort victims.

It’s a decades old problem, but it has become prevalent in the last few years, when dozens of cybercriminal gangs have started developing their own ransomware, or creating affiliate programs where the ransomware creators share the code with others in exchange for a cut of the proceedings. Initially, hackers targeted individuals, asking for a few hundred dollars in Bitcoin, but now they go after bigger targets, which they can extort for larger amounts, and which cannot afford to remain without access to their computers and servers, such as Colonial Pipeline. 

Affton High School in Missouri is just one of around 1,000 U.S. schools hacked last year with ransomware. On Feb. 24, 2021, all the school’s systems were affected by a ransomware attack. 

On that day, Adam Jasinski, the director of technology for the school’s district, woke up to an email from a teacher that contained a screenshot of a ransom note. 

“I knew something was wrong right away because I can see that the screen I use on the desktop and it was blue,” Brian Esselman, a teacher at the school, told Motherboard. “It said some very rude things of course and I realized right away that this was a problem.”

Jasinski rushed to work, “panicking the entire time” he was driving, he said.

He then checked the server room, while the superintendent called off the school day. 

“Every byte on any types of your devices was encrypted. Don’t try to use backups because it were encrypted too,” the ransom note read. “To get all of your data back. Contact us.”

Jasinski said he quickly concluded that the hackers had stolen data from the school district’s HR department containing social security numbers and other personal data of around 1,000 people.   

Luckily, the school’s backups were not impacted. So Jasinski did not even have to contact or engage with the hackers at all. 

When ransom payments do happen, companies like Chainalysis can track the Bitcoin through the blockchain, identifying the hackers’ wallets and collaborating with law enforcement in an attempt to recover the funds or identify the hackers themselves. 

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.