A new Bitcoin ransomware is spreading through email, hitting mainly Italian email accounts, but the epidemic is spreading across Europe. Affected users find their files heavily encrypted and are required to pay $500 in Bitcoin to obtain the decryption key.

Cointelegraph was alerted to the same problem by the Slovenian Bitcoin Association. In the last few days, Slovenian mailboxes have been flooded by emails containing malicious file attachments. Inside the attachment there is a well-hidden JavaScript file. Once the recipient opens the malicious JavaScript, the script connects to a remote server and downloads the malicious code. If the affected computer is unsecured or poorly secured, the infection takes place.
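A mail-gateway style check for the delivery method described above, as an added example that is not part of the original article: it flags script attachments, including ones packed inside a ZIP. The ZIP packaging, the extension list and all sample names are assumptions; the article says only that the JavaScript file is well hidden inside the attachment.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: extensions Windows Script Host or mshta runs on double-click.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta")

def is_script(name):
    # Windows ignores trailing dots and spaces, so strip them before matching.
    return name.lower().rstrip(". ").endswith(SCRIPT_EXTS)

def scan_zip(data, label, depth=0):
    """List script files inside a ZIP, following nested ZIPs up to 2 levels."""
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{label}!{info.filename}"
                if is_script(info.filename):
                    found.append(path)
                elif (info.filename.lower().endswith(".zip") and depth < 2
                      and info.file_size <= 10_000_000):  # size cap vs zip bombs
                    found += scan_zip(zf.read(info), path, depth + 1)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
        pass
    return found

def scan_message(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if is_script(name):
            found.append(name)
        elif payload[:2] == b"PK":  # ZIP magic, regardless of declared type
            found += scan_zip(payload, name)
    return found

def build_sample():
    # Constructed message: a harmless placeholder .js inside a ZIP attachment.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_scan.pdf.js", "// constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

`scan_message(build_sample())` reports the double-extension file inside the archive; a gateway would quarantine any message with a non-empty result.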

Antivirus vendor Eset has classified and named the threat JS/TrojanDownloader.Nemucod.

According to virusradar.com, about 47% of the total detections are in Italy.

This evening, somebody opens an email and suddenly his hard disk begins to work frantically. After a few minutes, in each folder on the hard disk, a message reads: pay $500 in Bitcoin to this address if you want the files back. The problem: he doesn’t know what Bitcoin is.

This is probably the most common scenario for this ransom to take effect, as the Bitcoin enthusiast, the type of person who still constitutes the “Bitcoin population”, is somebody who usually knows more than the common PC user and keeps his OS and antivirus updated.

Since Bitcoin is now part of his PC or smartphone, he pays even more attention to security.


Computer Illiteracy One Of The Main Issues

But computer literacy is still weak: there is a huge number of people who do not update their OS, do not even install an antivirus, or launch anything they find on their desktops, even when they have never seen that icon before and don’t know where it came from.

And they are the most susceptible to this type of attack.

Roman Mandeleil, adapter of Ethereum to Java, says that:

“It's really not hard for a good pc user to create this kind of software, because the internet is full of tutorials that teach how to do such things.”

But he also blames users’ lack of knowledge:

“But the industry is well prepared as well, it's the responsibility of the users to be more educated and to use antivirus and anti-malware.”

Though we could argue that, after over 15 years of antivirus software in circulation, the need for it is evident, yet no OS comes with a built-in antivirus.

Hard Situation

Jure Pirc, leader of Bitcoin Association Slovenia, one of the most affected countries, reports:

“We are aware of the ransomware/trojan and we have already been contacted by several individuals and businesses about the threat. Bitcoin Association Slovenia has issued a public notice warning people to be careful with strange emails even from people they trust, as email headers can be spoofed.”

The most important thing, though, is to take action and keep safe:

“In Slovenia in at least one case a company paid the ransom, while for two companies backup files were restored after the threat was neutralised.

It is of most vital importance that any individual or company has a data backup plan so in case of any such issues data can be easily restored to a clean/uninfected computer. And of course regularly download OS updates, install an antivirus and keep it updated, and never launch any icon if you don’t know its origin.”

Regarding the possibility of damaging the Bitcoin reputation, Jure states that:

“We are 100% against this type of cyber criminal activity and we will always defend Bitcoin and crypto technologies and their fair usage.

For people that have had no previous contact with Bitcoin, paying a ransom to unlock their files for sure is not helping Bitcoin and its legitimate usage. People need to know that ransomware/malware has existed since 1989, so this is nothing new if one is aware of the daily threats that lurk in the web of cybercriminals.”

Before the advent of cryptocurrencies, this type of ransom was practically impossible: a hacker surely couldn’t ask for a ransom to be delivered to a bank account, and cash was dangerous to collect at delivery. That’s why ransoms were only demanded from rich targets. Bitcoin makes ransoms effective at any level; it has made this type of crime very, very simple. And tracing the felon back is practically impossible. Or is it?

Ghost Security Group seems to some extent able to track down the owners of the addresses. We must not forget that Bitcoin does not grant anonymity, only pseudonymity, and with some investigation it can be possible to trace back the owner of an address, depending on how well he masked the transactions.

However, it is certain that some people are going to learn what Bitcoin is, and how to use it, the hard way, while climbing back up from the pit and recovering their data.

This will also grant Bitcoin some advertising, even though at first affected people will probably hate it.