The short answer is, the way Bitcoins work is that all transactions are published so that all users can verify them. The only thing anonymous is that a Bitcoin address is roughly speaking a random number, so there is no name associated with it, like a mythical numbered Swiss bank account.
Conceivably, one could create a special service to mix up Bitcoins (a bunch of coins enter from some set of addresses, and a bunch of coins flow out to a bunch of other addresses), or one could make use of an existing service like a Bitcoin casino, or one could print out Bitcoin keys and trade them like cash, or whatever. But all official transactions are visible, so you would have to know exactly what you are doing to successfully launder Bitcoins and/or convert them to hard currency.
There are programs that do the first part, you can get thousands of intermediate addresses shuffling coins around in weird patterns. The problem is that it’s really, really easy to write a program that analyzes traffic and traces the coins from a starting point to an end point regardless of how many intermediate addresses you throw in. Doing this makes the transactions look incredibly complicated to a human casually examining it, but won’t significantly slow a serious investigator.
Consider a cloud backup service. I use CrashPlan. It is reasonably priced, I can use it for every computer in my family, it encrypts content, and it backs up real time. You are always up to date, your backups can’t be lost, stolen, destroyed, or get bad sectors. You can restore from a version history instead of just the latest version.
The concentration of Bitcoin hash verification to a small number of groups is becoming a major problem in terms of both security and functionality. (If any group or coalition of groups achieves 50% control, it’s all over.) A lot of Bitcoin hashing is taking place in the PRC. This worries many people.
Here’s an article listing some of the major problems the system is facing.
I’d go with Machine Elf’s solution.
I’ve seen a lot more news about security breaches in online company databases than about external hard drives being stolen from under desks or basement shelves in homes.
But you’ve also got to weigh the relative odds of you screwing something up, versus professionals at a reputable company screwing things up. It’s not just about someone stealing the hard drive under your desk: You could also accidentally push the wrong button when you meant to restore and instead back up a virus onto your hard drive, or push a chair into the desk too hard one day and crack something, or accidentally give it a good static shock, or pull the cable the wrong way when unplugging it and bend or break a pin, or the backup disk could fail for any of the same reasons your primary disk might fail, and so on. There are a lot of possible failure modes, and most of them are a lot less likely with a professional service, plus even if they do happen to the pros, they’ve probably got multiple layers of protection like a RAID array, and so could recover from that, too.
…actually a combination of both solutions is the “best” bet. The “3-2-1 Rule” is the recommended “best practice”. I back up to a couple of hard drives, my photos are also backed up on photoshelter, and my documents at google drive. And I still could do better.
But if 50% control gives you complete ability to control everything, then anyone who does that will crash the value of bitcoin to zero. Stealing all the bitcoins is functionally equivalent to destroying them, because the only value in bitcoins is to exchange them.
From what I’ve learned more recently, they are using the encryption built into Windows to do the actual work. Maybe the encryption on Windows XP isn’t as good, hence the recovery.
It seems it is set up where it generates a private and public key, and then encrypts the private key with built-in public key, which can only be decrypted by their personal Dark Web server. It also generates a new quick key for each file, and then encrypts the key to those files with the public key.
In short, you have to send them your encrypted key over the net, and they, in theory, would decrypt the the key for you and back, and then you can use it to decrypt everything else.
However, they weren’t very good at doing this, making it hard to detect if payment has gone through. Plus, if they ever take their Dark Net server offline, then it’s game over.
The only way to salvage that would be for someone to track down their server and get their private key. That would then allow everyone’s files to be decrypted. And this has happened with ransomware before.
These guys are not like the other guys that care about making sure they can decrypt. So the experts do not recommend you pay.
A related question that I’ ve been thinking about: I’m wondering if the hackers behind WannaCry have thought through the economics of their ransomware. The ransom they demanded was not a fixed bitcoin amount; it was $300 worth of bitcoins. You would assume that if their plan had worked as intended, i.e., lots of people had been willing to pay the sum demanded, then this would drive up the price of bitcoins against dollars (more demand for bitcoins by people willing to pay dollars). The bitcoin amount they’d get would then go down with each payer. In the end, they’d end up with large amounts of bitcoin, and the reverse happens when they try to cash out by selling bitcoins for dollars: The value of bitcoins goes down with the sudden supply. The laws of the market would work against them twice: First they get fewer bitcoins in ransom, then they get fewer dollars for the bitcoins they collected. In the end, they’d end up with much less than $300 per victim who paid.
It’s not an all-or-nothing scenario. A Bitcoin cartel could stay secret while taking advantage of their control to siphon off coins a little at a time. Here and there reporting bad hashes for some coins but then “pocketing” them for themselves. “Hey, those Bitcoins you sent me turned out to be fake!” “No they weren’t!”
As to WannaCry and non-XP systems: the key recovery plus software for other Windows versions has been expanded. Still not a 100% sure thing (no reboot since infection and must be before the deadline) but it might help some people.
It appears that this works in a typical fashion: The key is stored in RAM while WannaCry is initially running. By scanning the PC’s memory and looking for certain values the key can be found.
This is a common hole in security software. A key or password is in RAM for a while and a memory scanner can find it.
I actually wrote a memory scan/search program many years ago so I could figure how programs stored certain data. Nowadays it can’t be so trivially done by regular users but the root user can and there’s the occasional exploit that can do this.
This depends on the scale of the ransomware payments versus the daily market volume of the bitcoin market. If the ransomware payments are spread out over, say, a month, and the daily volume isn’t too bad, there wouldn’t necessarily be more than a tiny amount of inflation of the value of the bitcoin. And vice versa - the ransomware authors would first need to launder their bitcoins, which would cost them a small percentage of the value, and then they might sell them off over a period of months.
first of all, keeve … owning a computer is a responsibility … not only to yourself, but to everyone you commerce with (family, friends, cohorts, strangers, etc.). if you don’t value your data and personal effects … means your accounts can be sabotaged … means hackers can obtain your credentials … means your friends’ accounts also now come at risk.
so … you do not back up your data … evidently the data is not important to you, keeve … therefore, you should not pay the ransom. there are 100+ indigents going through the turnstile right now … each with their own versions of ransomware to leash upon the unsuspecting world … each has their own agenda. these vagrants are not out for money … they are out for self-glorification and the bragging rights to say "i done this!". in other words … these are children who have not yet grown up.
300 idiots paid up … don’t become another statistic, keeve. if you still have opportunity … make back-ups and religiously obtain ms-updates. do not trust emails that have links (even from family) … rather, call the individuals on phone and make sure they sent that specific email with that specific link. do not click links in websites. get yourself an adblocker. update your av reference files. remove cookies. delete temp-files. maintain script-blocker … remove adobe-flash 'n sun-java from each of your browsers.
remember … the next wave of exploits may, indeed, emanate via “drive-by” instances … just opening a page will initiate the process. did you prepare yourself? the “hoodlums” have already got all your contacts … as well as your form-fills and stored passwords … ready?
and … if you cannot trust your own decisions, keeve … pull the damned plug and use the local public library’s computer. better than falling victim … better than inadvertently victimizing those you love as well. remember, owning a computer is a responsibility.
www … 666 … anti-christ … three in one … one and the same.
I was using “check” metaphorically. As soon as they’ve received payment from you, verified it, and (if necessary) converted it to a form that couldn’t be charged back.
EDIT: And yes, eventually they will be getting a check from the Bank o’ Bitcoin, or the equivalent. Once they get their bitcoins, what are they going to do with them? They’re going to trade them back to dollars at some exchange. And that exchange is going to give them their dollars in the form of a check, or a bank transfer, or some other traditional means of monetary exchange.
But how much more money are you going to get if you don’t provide the key unless you get even more money? Probably almost nobody is going to pay a second time, because why wouldn’t the hacker demand a third, fourth, and fifth payment?
The expectation for that demand for a second payment is very low. So low it’s not worth bothering to demand.
(