The Disney film studio's announcement of hackers threatening to release one of their movies unless a bitcoin ransom is paid has once again unleashed a flurry of media attention targeting cryptocurrency as a tool for nefarious acts.
Disney CEO Bob Iger in a statement on May 15 asserted that the film company has no intent of complying with the ransom demand and is working with federal authorities as a part of an in-depth investigation. He confirmed that the hackers had demanded that the ransom be paid in bitcoin and that the film would be released online in a series of 20-minute increments if the demands are not met.
Iger did not name the film, but a number of media outlets are reporting that it is Pirates of the Caribbean: Dead Men Tell No Tales, the fifth installment of the Pirates series featuring star actor Johnny Depp.
Disney is not the first firm to come face-to-face with ransom threats of this nature. In recent months, a trove of hackers released season five of Orange is the New Black when Netflix elected not to pay a ransom.
Security experts are trying to unearth how the breach occurred, likely assessing whether it was the result of poor IT security protocols on the part of Disney or human error. Regardless, the use of bitcoin as a targeted ransom strategy seems to be growing in popularity among cybercriminals as is the case with the WannaCry attack that recently created massive upheaval around the world.
As a result, questions are again being raised about whether attention should be solely directed to bitcoin as the source of these attacks. Bitcoin Blockchain expert Andre DeCastro says, not so fast.
“All of this goes back to the fact that present day systems and channels of communication that are being used by companies and into devices have poor security. They’re not using good encryption mechanisms and cryptographic communication tunnels. So at some point, the systems get compromised, and data gets stolen.”
He goes on to note that these attackers are using bitcoin not because it is truly a threat, but because it is simply an easier way at present to receive payment and hide your tracks.
“It’s nothing more than another payment mechanism, that’s it.”
DeCastro offered an interesting and somewhat amusing insight about bitcoin ransoms based on his recent monitoring of the three BTC addresses tied to the WannaCry virus.
“As of yesterday (May 14) evening, the attackers had only received a total of $58,000 in ransoms. So why in my view is that ironic? Because with all of the media around this being so large, if the attackers had tried to make money from an online advertising strategy alone, they would have garnered so much more than by asking for it in bitcoin,” he says with a wry chuckle.
DeCastro concludes with one additional thought: “In essence, this whole thing has been rather comical. In reality, the hackers are going to need to work really, really hard to make those bitcoin’s untraceable. Because in reality there are many startups like my own can trace them and do analytics. In essence, what I’m saying is that these criminals weren’t very smart. They should have used different tactics.”