Bitcoin Friction Is Ransomware’s Only Constraint

In January 2017, I began tracking the “customer portal” of an innovative new family of crypto-ransomware called Spora. Among its innovations are a dedicated domain (,, et cetera) running a Tor web proxy, HTTPS support, an initially lower extortion demand, and tiered pricing with options to unencrypt individual files (up to 25Mb in size) rather than all.

Also part of the portal… a group chat function for support requests. Multiple conversations all strung together, making for a fascinating read overall. Public Communication

Among recent conversations is a link to a forum page on the site Bleeping Computer where the “Spora Administrator” wanted reviews left, as evidence that paying the extortion results in unencrypted files.

The bulk of clicks, according to statistics, occur on a Tuesday. FYI: running a cyber extortion scheme is a regularly scheduled job and spam runs go out on Tuesdays.

A great deal of the chat support issues revolve around one thing… Bitcoin.

7: I dont have a bitcoin account yet and cant make it within 3 days, as you know.

Support: We removed all deadlines for you.

Apparently “7” thinks it’s not so easy to setup a Bitcoin account “as you know”.

And here’s another practicality, many people exist in the cash economy.

A: Admin, I dont know what checked the course means. It is hard to purchase bitcoins in the US I drove over 200 miles to purchase 500 worth, they took 10% you take 11% I had USD70 in a different wallet you took 11%, you have USD466 and I have no way to purchase more until tomorrow and will once again have to drive 200 mile to get them and get home. Please consider.

Support: No problem

Many people don’t have the needed resources to buy Bitcoins online. Credit is required, and there are plenty of people with insufficient credit. For them, a physical Bitcoin ATM or “brick-and-mortar” retailer is required.

We should be thankful that there are at least some limits on purchasing Bitcoin. If it were any easier to do so, very little else would check the growth of crypto-ransomware’s business model. The malware technology to encrypt data has been possible for many, many years; the bigger challenge has always been getting paid.

In the past, cyber crime schemes (such as scareware) have been killed off by disrupting the money supply. The same may well be true of cyber extortion; to kill the business model, it may be necessary to ban Bitcoin.

This article was originally published in our State of Cyber Security 2017 report.

Now available! A new supplemental appendix which includes 34 pages (more than 20,000 words) of Spora “tech support” chats.

Tagged: Crypto, Malware, Ransomware, Th3 Cyb3r, Threat Report Source:

Leave a Reply