The falling value of Bitcoin is leading many ransomware makers to convert BTC ransom payments into other forms of currency as soon as they are able.
According to Etay Maor, senior fraud prevention strategist at IBM Security, this trend is evident in underground computer criminal forums.
“They use Bitcoin for the money laundering part and take payment with it, but they’ll move it out almost immediately,” Maor told The Register.
“Most of them won’t keep Bitcoins – they don’t like the valuations Bitcoin has – so they just use it as a layer of obfuscation, and move it to a different form of money.”
Maor is one of the speakers at RSA Conference 2015. On Wednesday, April 22nd, he presented his talk, “Major Cyberfraud Innovations in the Last Twelve Months,” which examined how computer criminals have adopted more sophisticated tactics in the past year.
The BTC value first peaked back on December 4, 2013 at USD 1,147.25, according to CoinDesk. That price has steadily declined over the past two years.
Bitcoins are worth USD 231.38 as of this writing.
Despite the instability of their value, the apparent anonymity of Bitcoin transactions has in part facilitated the growth of the ransomware market. Ransomware is now distributed to most English-speaking regions around the world, with computer criminals increasingly turning their attention to the Far East, including South Korea, Japan, and Malaysia.
Ransomware makers are also embracing new targets, including entire web databases of financial organizations, video game files, and school computer systems.
Even so, security professionals are pushing back against the expanding ransomware market.
Just this month, Kaspersky Lab released decrypting tools for two different strains of ransomware—CoinVault and Scraper—that allow users to regain access to their files.
Victims of ransomware should never pay the ransom payment as they have no guarantee that doing so will lead to the decryption of their data.
For more information about ransomware, including how you can protect your computer against this type of malware, please click here.