Building Smarter Ransomware
Matthew Green and students speculate on what truly well-designed ransomware system could look like:
Most modern ransomware employs a cryptocurrency like Bitcoin to enable the payments that make the ransom possible. This is perhaps not the strongest argument for systems like Bitcoin -- and yet it seems unlikely that Bitcoin is going away anytime soon. If we can't solve the problem of Bitcoin, maybe it's possible to use Bitcoin to make "more reliable" ransomware.
Recall that in the final step of the ransom process, the ransomware operator must deliver a decryption key to the victim. This step is the most fraught for operators, since it requires them to manage keys and respond to queries on the Internet. Wouldn't it be better for operators if they could eliminate this step altogether?
At least in theory it might be possible to develop a DAO that's funded entirely by ransomware payments -- and in turn mindlessly contracts real human beings to develop better ransomware, deploy it against human targets, and...rinse repeat. It's unlikely that such a system would be stable in the long run humans are clever and good at destroying dumb things but it might get a good run.
One of the reasons society hasn't destroyed itself is that people with intelligence and skills tend to not be criminals for a living. If it ever became a viable career path, we're doomed.
Posted on March 7, 2017 at 8:15 AM • 22 Comments