Kidnapping for crypto-ransom: the latest fashion or here to stay?
Cryptocurrencies are generating a buzz unlike any other currency in recent monetary history. This attention is not exclusive to the early risk takers and the most technologically advanced among us. Kidnappers are also slowly, yet increasingly, venturing into the cryptocurrency world. Given the increasing accessibility and use of cryptocurrencies, and their appeal to criminals, how should businesses prepare for a crypto-ransom demand?
Around the world
The first widely reported kidnap for crypto-ransom occurred when kidnappers on 20 January 2015 abducted a Canadian national living in San José, Costa Rica and demanded USD 500,000 worth of Bitcoin. Control Risks has since recorded crypto-ransom kidnaps in 12 countries, as well as a gradual year-on-year increase in the number of reported cases. In 2017 we recorded an average of two cryptocurrency-related cases every quarter; however, in the first half of 2018 this average rose slightly, to a case per month.
An evolution: Perpetrators’ targeting patterns
Most of these cases present similarities: the kidnappers were able to competently exploit open source information to identify individuals whose crypto wealth had been publicly promoted and seek them out for kidnapping. In one such case beginning on 26 December 2017, a financially-motivated criminal group kidnapped an employee of a United Kingdom-registered cryptocurrency exchange in Kiev, Ukraine. The kidnappers released the victim on 29 December, reportedly following a ransom payment equivalent to USD 1 million in Bitcoin.
However, more recent kidnaps involving ransom demands in cryptocurrencies, including the 20 May abduction of a 13-year-old boy from a playground in Mpumalanga, South Africa, reveal that crypto-ransoms are also beginning to occur in countries where kidnappers’ targeting patterns and modus operandi are less sophisticated. As concern starts to grow over the development of the threat, the majority of kidnappers will lack the necessary technical sophistication and are unlikely to move with any haste towards demanding crypto-ransom payments.
Future threat development
The unregulated and perceived anonymous nature of cryptocurrencies continues to attract the attention of organised criminal groups, particularly those involved in drug trafficking and money laundering. However, it has yet to fully permeate the kidnap-for-ransom world.
The fact that cryptocurrencies are unregulated and that law-enforcement agencies cannot easily monitor transactions, identify wallet holders or freeze crypto-wallets in the way they can freeze other assets is very attractive to kidnappers. However, using sophisticated forensic techniques, law enforcement agencies are catching up with these challenges. Several high-profile cases involving crypto-ransoms have ended in the prosecution of the perpetrators.
A more immediate impediment to the growth in crypto-ransoms is that cryptocurrencies are impractical for kidnappers on several levels. Many kidnaps-for-ransom occur in countries or areas of countries where access to the internet is limited or even non-existent and where crypto-literacy levels remain low. Equally, kidnappers in the traditional hotspots face the very real problem of how to “cash out” their cryptocurrency ransom to be able to buy goods and cover other associated costs. Lastly, while the ransom sits in a crypto wallet, the kidnappers run the risk of devaluation in the exchange rate, or even theft by other criminals.
Kidnappers will not overcome these issues until the use of cryptocurrencies becomes much more mainstream. However, at that point these currencies will likely be heavily regulated, losing their anonymous nature and their appeal to kidnappers altogether.
How can businesses prepare themselves?
The high rates of cryptocurrency theft, the volatility of each currency’s value and the number of cryptocurrencies available all pose issues for businesses seeking to prepare themselves for the eventuality of a crypto-ransom kidnap.
Those considering purchasing cryptocurrencies in anticipation of such a kidnap face a number of risks. In January 2018, cybercriminals stole more than USD 530m-worth of cryptocurrency from the Tokyo-based Coincheck Inc cryptocurrency exchange in what is believed to be the largest single theft since the launch of Bitcoin in 2009. Many more such instances have occurred. Furthermore, the value of these currencies is extremely volatile, meaning that businesses that invest may have to account for huge financial losses, either from theft or exchange rate fluctuations, or indeed large financial gains. In January 2017, the price of Bitcoin traded between USD 930 and USD 978. In December that year, the rate climbed to nearly USD 20,000. However, more closely linked to the management of a kidnap case is the fact that, while a business may choose to invest in Bitcoin, the perpetrators could demand a ransom in another cryptocurrency such as Ethereum.
Instead of purchasing cryptocurrencies in anticipation of a rare crypto-ransom event, a focus on maintaining up-to-date, reliable intelligence and insights into kidnapping trends and crisis management best practice – including a clear understanding of the process involved in setting up cryptocurrency wallets – will ensure better preparedness in the event of any kidnap.
Future proofing kidnap preparedness
The emergence of cryptocurrencies in ransom demands around the world provides a new dynamic to an already complex threat, raising the question: how should businesses prepare? The foundational principles of effective critical incident management – proper preparation and effective response – still apply in crypto-ransom cases, and companies should continue to invest in those principles. Rather than gamble on taking the many risks associated with cryptocurrency investment, businesses would do better to familiarise themselves with the cryptocurrency system and the technical capabilities required to navigate it, understanding that opening a crypto-wallet is a relatively quick process and achievable within the timelines associated with safe and successful kidnap resolution. Understanding the evolving threat and knowing how to address it will remain vital for risk mitigation as well as incident response.
Control Risks is uniquely placed to assist clients in market entry risk assessments and crisis management support in complex environments. Control Risks’ Response division and its Special Risks Analysis (SRA) team are the leading source of kidnap-for-ransom and threat extortion research and analysis, and have unparalleled operational experience in the field over the course of four decades. During this time, Response has worked on over 3,300 incidents in 140 countries around the world, feeding further proprietary insights and context back into the SRA team to inform its analysis.