Tuesday 24 January 2017

Adventures in BitCoin Land

If you need a bitcoin consultant/middle man to help you with a bitcoin transaction, I am now your man! I found that purchasing and transferring bitcoins is neither simple nor quick if you haven't done it before and don't have the necessary accounts. As you will read below, it took a week of trial and error and patience to get set up and authorized to buy and sell bitcoins.

I recently had a customer who fell victim to a Cryptolocker virus infection, which encrypted all of their files and made them unusable. They were running active virus protection at the time, but it wasn't enough to stop the infection from happening. They didn't have a recent backup of their data, so they decided to try paying the ransom to get their files back.

The ransom note on the screen told them that they needed to contact the hackers at an email address to arrange for payment, including information about the encryption key in the email so that the correct decryption key could be sent back once payment was made.

The resulting payment notice email came in. It demanded 1 bitcoin (valued at about $845.00 CDN) be sent to the accompanying wallet address. Once payment was received, the email promised to send along a decrypting program that would unlock all the files once again.

Since the customer had decided to pay the ransom, it became my job to help obtain a bitcoin and make the payment. Here's where the fun really starts!

The bitcoin network has been active since about 2008. Bitcoins themselves are a digital currency which is valued like a stock on the stock market. The value of 1 bitcoin is always changing, and has gone from a value of $1 USD in April 2011 to today's market value of about $650 USD per bitcoin traded.

The private nature of bitcoin transactions is attractive to the darker side of the internet. Hackers and Crypto kidnappers can receive bitcoins without fear of being directly exposed. They send you a digital address (or wallet), and you send bitcoin to that address without knowing anything about the owner. The receiver of the bitcoin can then change it back into "real" money if desired using a bitcoin exchange. Members of a bitcoin exchange generally have to provide ID and be authenticated, but the source of their bitcoins is never questioned.

So, never having dealt with bitcoin before, I started looking into how to go about getting a bitcoin and making the payment.

Unlike other currencies, bitcoins can't be bought at the bank. There are a few physical locations that offer bitcoin trading in person, but most businesses are online only.

To purchase a bitcoin, you have to join a trading site of some kind. It was initially my intention to pay for the bitcoin with a credit card, but I soon found out that, due to the high occurrence of fraud and chargebacks on credit cards used for bitcoin purchases, a new user had to make a number of small purchases over several weeks to authenticate the card and authorize it for larger purchases. This meant I couldn't use a credit card for the purchase, as I needed 1 bitcoin, and the site would only let me buy about 0.2 of a bitcoin!

So, back to the drawing board. I next found a trading site based in Canada that offered payments in familiar ways like e-transfers for up to $2000 CDN. Perfect!

After signing up and completing the basic authentication, I found that I STILL couldn't buy what I needed, as in order to use e-transfers, you had to complete a level 2 authentication, which involved uploading documentation and ID to prove who you were.

I diligently gathered the required documents and uploaded them to the site to complete the authorization. Three days later I received a call to confirm my identity, and I was finally authorized to buy bitcoins! The total time elapsed to get to this point was 5 days!

I arranged for the e-transfer to send money into my account at the exchange. The site claimed it could take up to 24 hours to complete, but it was done by the next morning.

Finally, I was ready to buy my 1 bitcoin! I carefully created my order on the site for 1.04 BTC (I figured a little extra couldn't hurt), and filled in the required information. Satisfied, I clicked on the submit button.

Immediately, the money I had in the account went from $880.00 down to $2.76, but instead of seeing 1.04 BTC in my bitcoin account, I only had about 0.0456 bitcoin. Scrolling further down the screen, I found that the rest of my purchase was still pending, as there were currently no sellers to buy from?!? So the waiting began again.

The next day, I had my total purchase in my BTC account and I was finally ready to send my hard-earned bitcoin to the hackers. I logged into my wallet to set up the receiving address for the transfer, and then sent the bitcoin from the exchange. Within a few seconds, the transfer was complete and I had my 1 bitcoin in my wallet, ready to send.

So, I clicked on Send and filled in the information, including the hackers' wallet address. I was surprised to find that when I entered the amount of 1 bitcoin in the amount box, it changed to about .999990452 bitcoin instead of 1. I had forgotten to account for the transaction fee! Since I only had 1 bitcoin in the wallet, the system automatically stripped the fee out of the transaction. The hackers wanted 1 bitcoin, and at this point I wasn't going to send them .9999990452 bitcoin instead. So back I went to the exchange and sent .01 bitcoin over to my wallet to cover the transaction fee. I was very happy that I had purchased a bit extra!

I prepared the Send transaction again, and sent the coin on its way. The total elapsed time was 7 days. Ouch!

Within about 12 hours, we received the instructions from Mr. Hacker on how to download the unlock program, which was hosted on a questionable and no doubt anonymous software download site. My malware protection lit up with alarms as I went to enter the site, but I pushed on and did get the unlock program downloaded.

After running the program and unlocking the encrypted files, my customer finally had their data back. The total time with decryption was about 10 days! The unlock program did work, but it wasn't quick.

While the process was interesting and very adventurous, I wouldn't recommend exposing yourself to this type of file kidnapping. A good virus scanner and malware blocker is essential to avoid getting locked out of your own files. A backup is also critical, as it can protect you from ransomware as well as equipment failure on your desktops and servers. It is important to note that ransomware infections will search all connected drives (even OneDrive and Dropbox if logged in) and attempt to encrypt any files found on those drives, so a backup that does not remain connected to your computer at all times is also recommended.

Being prepared before you become a victim is the key here, so even if you are running virus protection, consider adding Malwarebytes or other live scanners that specifically look for web-based threats and are proven to be able to fend off Cryptolocker infections.

Safe browsing everyone!

Phil Crossley
HiRes Solutions
