It was an audacious and callous scheme. A parcel bomb, mailed to a crowded German market, with a ransom note demanding €10 million in bitcoins. Had the device packed with gunpowder, shrapnel, and nails detonated, the casualties would have been extensive. In the event, the bomb, like the ransom demand, proved to be a damp squib. Bitcoin blackmail attempts – like everything else associated with bitcoin – have soared this year. There’s just one problem, from the perpetrators’ perspective: no one’s paying.
Bitcoin Blackmail is Harder Than It Sounds
The notion of an untraceable digital currency that can be used to extort millions before hackers disappear into the matrix with their ill-gotten gains is screenplay gold. It’s the sort of premise to get TV scriptwriters foaming at the mouth. Grey’s Anatomy is the best-known drama to have fallen for the bitcoin blackmail meme. Last month, the show’s mid-season finale showed the hospital succumbing to ransomware, causing blue screens of death across the board.
SC Magazine describes the action:
Patients’ monitoring systems all begin to flatline at once, even though there is no medical emergency. One doctor even mistakenly shocks a sleeping man with a defibrillator because it falsely appeared as if his heart stopped.
The most unrealistic aspect of the show wasn’t the malfunctioning machines however – it was the ransom demand. In exchange for rebooting Grey-Sloan Memorial Hospital’s systems, the hacker wanted 4,932 BTC worth $20 million at the time, and substantially more now. In real life, ransomware demands are significantly lower, and it’s rare for organizations to pay up. One hospital, Hollywood Presbyterian, did accede to ransomware demands this year, but only to the tune of $17,000.
This week, Mecklenburg County in North Carolina was hit by a ransomware attack, with the hacker demanding $23,000 to decrypt the files. Government officials pondered the matter but eventually refused to pay up. Even the most successful ransomware attack to date, Wannacry, which affected over 230,000 computers, raised a total of just $140,000 in bitcoin.
Festive Fear Without the Good Cheer
Perhaps the boldest bitcoin blackmail attempt to date is that of Potsdam Christmas market, which was targeted on December 1 via a parcel bomb sent to an adjacent pharmacy. Attached to the DHL delivery was a ransom note and a QR code for the address the bitcoins should be sent to, with a warning that further bombs would be despatched if the attacker’s demands weren’t met. As it was, the bomb failed to detonate, emitting nothing more hazardous than a hissing sound. Its intention was presumably to scare rather than to explode, as the blast would have also obliterated the ransom note and bitcoin address in the process.
The sort of criminals capable of dreaming up these schemes seem to be divorced from reality. In real life, no one ever pays a €10 million ransom – in bitcoin or any other currency. That sort of stuff only occurs in TV dramas. In fact, that may well have been where the German bomber drew his inspiration. In the Grey’s Anatomy episode which aired two weeks prior to the attack, the hospital gave in to the hacker’s demands and paid the ransom. All $20 million of it.