Expect ransomware arrests soon, says bitcoin tracking firm Chainalysis

Law enforcement organisations are set to ramp up arrests of cyber criminals behind ransomware attacks, according to financial technology startup Chainalysis

Ransomware has become one of the biggest cyber threats to business, healthcare and government organisations in the past six months, but bitcoin tracking firm Chainalysis expects the tide to turn.

Cyber criminal gangs that extort money by encrypting data using malware or threatening distributed denial of service (DDoS) attacks typically demand payment in bitcoin so it cannot be traced.

But in the past two years, the Chainalysis startup has been selling its bitcoin-tracing technology to law enforcement agencies in the US, Europe and Asia.

“Expect to see some arrests soon as law enforcement agencies wrap up their investigations into several ransomware operations,” said Michael Gronager, CEO and co-founder of Chainalysis.

“The ransomware industry is probably worth more than $100bn (£76bn) a year, but hopefully our technology will help to reduce and contain that as people are arrested and sent to jail,” he told Computer Weekly.

There have already been some arrests as a result of law enforcement using the Chainalysis technology, said Gronager, relating to the cyber extortion gang known as DD4BC (DDoS for bitcoin).

“Bitcoin transactions used to be anonymous, but our software is capable of linking the source and recipient, so, in effect, bitcoin has become less anonymous than cash,” he said.

As Chainalysis software becomes more widely deployed, the number of jurisdictions in which cyber criminals can use bitcoins with impunity will be very limited, he said.

Mistake by hackers

Gronager believes the recent theft of about $66m worth of bitcoins from the Hong Kong-based Bitfinex exchange was a mistake by the hackers.

“Whoever took those bitcoins has a bit of a problem because the minute they use them, we will be able to trace them,” he said. “It is a bit like sitting on a pile of marked banknotes.”

Chainalysis was founded by Gronager and two others working in the bitcoin exchange industry in response to the lack of tools to assess risks involved in bitcoin transactions.

“Banks needed a monitoring tool to identify money-laundering activities and verify if bitcoin transactions were attached to legitimate business activities,” said Gronager, who is originally from Denmark.

He and co-founders – fellow Dane Jan Moller (chief technology officer) and Briton Jonathan Levin (chief revenue officer) – set about building the tool, completing the work in just a few months.

Anti-money laundering

Although the tool was mainly aimed at providing anti-money-laundering systems for companies active in the blockchain and bitcoin space and financial institutions that provide banking services to the blockchain industry, the tool’s anti-cyber crime application soon became clear.

Chainalysis began working with police in San Francisco on several investigations involving bitcoins, rapidly making wider contacts with law enforcement organisations in the US and elsewhere. As a result, law enforcement now accounts for a significant portion of Chainalysis’ customer base.

The company has since been involved in several high-profile cases, including investigations into the disappearance of £250m worth of bitcoins after the collapse of bitcoin exchange MtGox in 2014.

Chainalysis software enables law enforcement agencies to follow traces of bitcoin to find the services that cyber criminals are using to convert bitcoin into cash or other digital currencies.

Criminals’ revenues

Using Chainalysis, police investigations can also establish connections between victims and estimate the criminals’ revenues.

Although Gronager is unwilling to reveal the identity of its customers in law enforcement, he said more than half of the police forces in Europe were using Chainalysis software.

“It is also a matter of public record that our customers include Europol in Europe and the FBI in the US,” he said.

Chainalysis began to grow its customer base in the banking industry after taking part in the Barclays accelerator programme in 2015 for fintech startups in partnership with incubator firm Techstars.

“Working with Barclays has taught us how to engage with the enterprise market,” said Gronager.

Accelerator programme

“The accelerator programme also taught us how to raise investment and set up our headquarters in New York City, while Techstars has given us access to its global contacts and a network of several thousand startups, who have helped us to know how to work with certain investors,” he said.

According to Gronager, the Chainalysis software is essentially a search engine for blockchain ledgers, and he expects that to become an important revenue driver for the company in future.

“In the longer term, we expect blockchain to underlie most financial transactions in future, especially as it can provide unprecedented transparency if you know where to look,” he said.

Chainalysis enables financial institutions to receive reports on the blockchain activity of their customers to raise alerts and issues.

The software breaks down blockchain activity by different categories so financial institutions can assess the risk of doing business with each of their customers using bitcoin transactions, spot emerging threats from the deep web and investigate ransomware or extortion notes in-house.

In the US alone, Gronager said there had been about 5,000 suspicious activity reports about bitcoin transactions in the past year, compared with none the year before, because the technology did not exist then to enable financial institutions to see what was going on.

Brexit vote

Although headquartered in the US, Chainalysis has a small presence in Denmark, which is likely to become the company’s European hub, but the UK’s Brexit vote may necessitate some tweaks.

“The worst thing about the Brexit vote is that no one really saw it coming, and now we all have to figure out what to do about it,” said Gronager.

“A lot of consultants have been hired in the UK and Brussels to figure out what hit us, so billions of pounds are being wasted on consultants doing paperwork as a result.”

Chainalysis does have some competitors, such as Elliptic and Block Seer, but by getting in early, Gronager said the firm could win key clients and emerge as the market leader.
