The computer of Allegheny County District Attorney Stephen Zappala, a state prosecutor in Pennsylvania, was infected by ransomware known as Avalanche. Zappala paid US$1,400 in bitcoin to decrypt his computer and regain access to his files.
Avalanche, arguably the largest ransomware operation to date, was cracked down on earlier this year by the U.S. Federal Bureau of Investigation (FBI), Europol and agencies across 30 countries. The international investigation led to the seizure of over 800,000 domains and 39 servers and the arrest of 5 individuals, a group that allegedly ran the Avalanche network.
In 2015, Zappala’s office was hit by the Avalanche ransomware when an employee tried to access a government link in a phishing email. The email link redirected the computer of the prosecutor’s office to Avalanche, which encrypted files and data stored on the computer.
The US Department of Justice, which participated in the global investigation on the Avalanche network, stated that over 500,000 users were affected and fell victim to Avalanche on a daily basis. It also noted that state agencies were affected by the ransomware.
“Several victims of Avalanche-based malware attacks are located in the Western District of Pennsylvania. A local governmental office was the victim of a Nymain malware attack in which computer files were encrypted until the victims paid a Bitcoin ransom in exchange for decrypting the files,” the US Department of Justice stated.
The Associated Press revealed that the local government office referred to by the Department of Justice was the office of Zappala, which was hit by the same ransomware.
“The Avalanche network, which has been operating since at least 2010, is estimated to involve hundreds of thousands of infected computers worldwide,” the U.S. Department of Justice stated. “The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network.”
Most victims were forced to send a bitcoin transaction in the range of $1,000 to $2,000. Considering that hundreds of thousands of users were affected by the ransomware, it is highly likely that the Avalanche network gathered over $1 billion, with the majority of the payments settled through the bitcoin network.
By nature, bitcoin is far from anonymous. The bitcoin blockchain, which facilitates peer-to-peer transactions on a decentralized network, publicly records data on all payments processed within the network. Because each transaction holds the payment and settlement history of previous transactions, it is possible to find the origin of a payment through a technique called transaction untangling.
Currently, there exist several technologies that could potentially anonymize transactions within the bitcoin network. These include a Bitcoin Core solution, MimbleWimble, and CoinJoin, a project led by bitcoin startups including popular wallet service provider Mycelium.