Stephen Diehl

Malware is not a new phenomenon, it has existed since the 90s and has seen massive proliferation ever since the rise of widespread internet connectivity and home computing. (2/)

What is a new phenomenon is 'ransomware' which is a form of malware which infects a target's computer, encrypting or threatening to delete their files in exchange for a ransom to be paid to the hackers. (3/)

Previously if malware had infected a network, the criminals had very few options by which to extort money from their victims. There simply wasn't a channel by which to extort their victims without builtin safeguards and government intervention. (4/)

They could demand victims buy anonymous prepaid gift cards like MoneyPak, however these cards at capped at $1,500 and are traceable at any point of sale where they're used. Thus the scale of the number of people you'd have to exploit to make this profitable is enormous. (5/)

Hackers could demand a international wire transfer, however that requires that hackers hand over the routing information to their bank account, which in most jurisdictions requires government identification to open the account. So that doesn't work. (6/)

Hackers could demand a physical delivery of bank notes in person, that requires the victim to live in the same country as the criminals and there's nothing stopping the victim from calling the FBI or NCA to come and intercept the dropoff. Very risky for the criminals. (7/)

Cryptocurrency provided the perfect answer to allowing hackers to prey on their victims and extort unlimited and anonymous cash payments while completely minimising their exposure of being caught by law enforcement. (8/)

Now the hackers simply have their victims purchase Bitcoin, Monero or Ethereum from an exchange in their jurisdiction and have them send it to an anonymous wallet. It's untraceable, cross-border, uninterceptable and there's no upper bound on the extortion amount. (9/)

The financial system has innate measures to prevent this kind of indiscriminate extortion. Your local bank would simply never allow you to transfer hundreds of thousands of dollars to an anonymous stranger in Russia and that's part of the security of the system by design. (10/)

Now some people might claim that a "public blockchain ledger" undermines the criminogenic nature of cryptocurrency by making it traceable. This is myth, it's terribly easy to launder money on a blockchain. Hell, there's even automated services to do it for you. (11/)

I'll even tell you precisely how the crooks do it, not in any way as an endorsement, but because law enforcement already knows exactly how its done and it's a matter of public record in many court cases. (12/)

1) Receive ETH tied to crime 2) Send to http://tornado.cash  3) Withdraw from http://tornado.cash  4) Now you have clean ETH in a fresh wallet not tied to identity 5) Use a DeFi non-KYC exchange to swap for another token 6) Use KYC exchange to swap token for dollars/euros

The public blockchain story is a lie the crypto "industry" tells itself to hide the inconvenient truth that the only actual use case for cryptocurrency is speculative gambling and extortion. (14/)

Ransomware is growing exponentially because if you have a technology that enables the perfect crime that is both highly lucrative and removes any risk of being caught, there's very little reason to do any other type of cybercrime. A storm is coming. (15/) https://www.stephendiehl.com/blog/ransomware.html …