ELI5: What is Cryptocurrency Payment?

Bad guys demand to be paid in digital money that’s hard to trace — like getting paid in invisible coins that nobody can follow back to them.

Definition

Ransomware operators demand payment in cryptocurrency—primarily Bitcoin or Monero—because these digital currencies offer relative anonymity and cross-border transferability that make it difficult for law enforcement to trace and seize funds. The pseudonymous nature of cryptocurrency transactions significantly reduces the risk of identification for ransomware operators compared to traditional banking systems.

Key Details

  • Bitcoin: The most commonly demanded currency; transactions are pseudonymous but recorded on a public blockchain, so they can sometimes be traced.
  • Monero (XMR): Privacy-focused cryptocurrency with stealth addresses and ring signatures—much harder to trace than Bitcoin; increasingly preferred by sophisticated ransomware groups.
  • Law enforcement agencies (FBI, Europol) have had some success tracing and seizing Bitcoin ransomware payments (e.g., the partial recovery of the Colonial Pipeline ransom).
  • The FBI and CISA do not recommend paying ransoms: doing so funds criminal operations and doesn't guarantee data recovery.
  • Organizations should have offline backups to avoid needing to pay ransoms.

Connections