Data On The Blockchain’s Nefarious Use-Case: Ransomware

By Ian Demartino
Updated 22 May 2020

The authors of the infamous CTB-Locker ransomware are using the blockchain to provide victims with the cryptographic keys needed to unlock their encrypted files, according to a blog post by security company Sucuri [via: Computer World].

Ever since Joyce and David Mondrus became the first couple to commemorate their marriage on the blockchain, people and companies have been working towards a world where the shared public ledger known as the blockchain is used as a public notary and place to store important documents.

The world has not progressed to the point where a blockchain record is as legally binding as a public notary. But, blockchain records would be infinitely more difficult to forge and because of that, several companies are working on products related to document verification and storage on the blockchain.

Using the blockchain to transmit cryptographic keys required to unlock files held hostage is a use that doesn’t require any government approval to be effective, but it obviously isn’t the one people have been hoping would showcase the power of using the blockchain in this way.

Previously, according to Sucuri, ransomware authors have been storing cryptographic keys on hacked web servers. This has been ineffective because web server owners will often find and delete the malware on their servers. If there aren't any hacked websites still linked to the particular piece of ransomware the victim is infected with, the victim is left without a way to unlock their files, even if they pay the ransom.

Using the bitcoin blockchain solves this problem by allowing ransomware criminals to communicate with their victims in a reliable way. The victims are instructed to send bitcoin to one address. Once payment is made, that address sends out another transaction that includes the decryption key in the OP_RETURN field, a small data field a transaction can carry that is used to write notes or build protocols (like colored coins) on top of the Bitcoin blockchain. That same field is what companies use when they commit documents to the blockchain in hashed form.

Without a doubt, this new way of transmitting keys is more effective. It isn't reliant on third parties and it cannot be censored. That advantage is significant for the criminals behind CTB-Locker, but it is also potentially significant for whistleblowers, political activists and even everyday people as a safe place to store important documents (encrypted, of course). Privacy advocates, when talking about the growth of "the cloud" on the internet, are quick to point out that our data isn't being stored in the cloud; it is really being stored on "someone else's computer." That is true. Data stored in the cloud is usually held on several computers owned by one entity. The blockchain is likewise stored on other computers, but it is thousands of other computers owned by hundreds of different entities. The blockchain is as close to a real "digital cloud" as you can get.

Granted, the CTB-Locker example is more akin to sending a message to the user than it is to hashing a file on the blockchain, but messaging on the blockchain is not something that a lot of people seem to have interest in. Committing data onto the blockchain is, and both share the same fundamental method: using the OP_RETURN data space to commit data to the blockchain.
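As an added illustration, not code from the article or from Sucuri, here is the OP_RETURN data path described above seen from the monitoring side. It builds the notary-style commitment (SHA-256 of a document pushed after OP_RETURN), parses the standard Bitcoin script push encodings back out of any output script, and lists which outputs of a transaction carry embedded data, so an analyst auditing a watched transaction can see exactly what it embeds. The sample document and the ordinary pay-to-pubkey-hash script are constructed.

```python
import hashlib
from typing import List, Optional, Tuple

OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D


def push_data(data: bytes) -> bytes:
    """Encode a Bitcoin script push for `data` (direct push, PUSHDATA1 or PUSHDATA2)."""
    n = len(data)
    if n <= 75:
        return bytes([n]) + data
    if n <= 0xFF:
        return bytes([OP_PUSHDATA1, n]) + data
    if n <= 0xFFFF:
        return bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little") + data
    raise ValueError("payload too large for a single push")


def build_commitment_script(document: bytes) -> bytes:
    """scriptPubKey committing SHA-256(document): the document-notary pattern."""
    return bytes([OP_RETURN]) + push_data(hashlib.sha256(document).digest())


def extract_op_return(script: bytes) -> Optional[bytes]:
    """Return the bytes pushed after OP_RETURN, or None if this is not a data-carrier output."""
    if not script or script[0] != OP_RETURN:
        return None
    payload, i = b"", 1
    while i < len(script):
        op, i = script[i], i + 1
        if op == 0:            # OP_0 pushes an empty byte string
            continue
        if 1 <= op <= 75:      # direct push: opcode is the length
            n = op
        elif op == OP_PUSHDATA1 and i < len(script):
            n, i = script[i], i + 1
        elif op == OP_PUSHDATA2 and i + 2 <= len(script):
            n, i = int.from_bytes(script[i:i + 2], "little"), i + 2
        else:
            return None        # anything other than a plain data push
        if i + n > len(script):
            return None        # truncated push: script claims more data than it holds
        payload, i = payload + script[i:i + n], i + n
    return payload


def verify_commitment(script: bytes, document: bytes) -> bool:
    """Check that an OP_RETURN output commits to exactly this document."""
    return extract_op_return(script) == hashlib.sha256(document).digest()


def scan_outputs(scripts: List[bytes]) -> List[Tuple[int, bytes]]:
    """Monitoring helper: (output index, payload) for every data-carrying output."""
    return [(i, d) for i, s in enumerate(scripts) if (d := extract_op_return(s)) is not None]
```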

This isn’t the kind of use-case proponents of document storage and verification on the blockchain were hoping would prove their concept. But it is a use-case for an industry that, without tacit government or institutional approval, has been struggling to find a popular one.

Still, its proponents can see the connection. Nathan Wosnack, the CEO of Ubitquity, a company dedicated to securing data on the blockchain, sees the correlation.

"That [CTB-Locker used the] OP_RETURN method for delivering the decryption keys is a strong use case for an uncensorable method of storing and submitting data. Done either for malicious, altruistic, or political reasons."

Bitcoin likewise found itself in a similar position early in its life. Bitcoin's first popular use, outside of speculative investment, was in illicit and grey market transactions, where it let its users remain more anonymous than if they had used fiat currencies or a service like PayPal.

There is a major difference between the two. The Silk Road and sites like it stood in defiance of the drug war, something a significant majority of the country agrees should end. No one, not even the criminals using it or the coders developing it, believes ransomware has a purpose higher than taking money from its victims.

Still, proponents of using the blockchain to store data are hoping that their technology can follow the same path. Wosnack continued:

"[Bitcoin's] legitimacy is becoming more apparent to the mainstream public. And with this, we'll see more established entities working to eliminate threats. Just as we saw in the mid to late 1990s, and the advent of the dot-com boom. More is at stake, therefore the motivation to counter ransomware will naturally rise."

Committing passports, wedding certificates, house deeds, last wills and other important documents to the blockchain clearly has a use, but that use will be limited if real world institutions and/or governments never accept them as valid documents, or at least as valid backups. There isn't a clear argument for why they shouldn't, but it won't happen immediately. In the meantime, ransomware will continue to illustrate just how useful a tool the blockchain can be for storing uncensorable or important information.

CTB-Locker is something nearly everyone would rather not exist, but perhaps the next time data on the blockchain hits the news it will be for something positive: the next big government or corporate leak, an alternative wedding that isn't recognized in the participants' home nation, or the spread of political messages in authoritarian regimes around the world.

If it is positive enough, it could overshadow CTB-Locker and alter not just the conversation about data on the blockchain, but also the blockchain in general.