Kidnapping for crypto-ransom: the latest fashion or here to stay?

Around the world

The first widely reported kidnap for crypto-ransom occurred when kidnappers on 20 January 2015 abducted a Canadian national living in San José, Costa Rica and demanded USD 500,000 worth of Bitcoin. Control Risks has since recorded crypto-ransom kidnaps in 12 countries, as well as a gradual year-on-year increase in the number of reported cases. In 2017 we recorded an average of two cryptocurrency related cases every quarter; however, in the first half of 2018 this average rose slightly, to a case per month.

An evolution: Perpetrators’ targeting patterns

Most of these cases present similarities: the kidnappers were able to competently exploit open source information to identify individuals whose crypto wealth had been publicly promoted and seek them out for kidnapping. In one such case beginning on 26 December 2017, a financially-motivated criminal group kidnapped an employee of a United Kingdom-registered cryptocurrency exchange in Kiev, Ukraine. The kidnappers released the victim on 29 December, reportedly following a ransom payment equivalent to USD 1 million in Bitcoin. 

However, more recent kidnaps involving ransom demands in cryptocurrencies, including the 20 May abduction of a 13-year-old boy from a playground in Mpumalanga, South Africa, reveal that crypto-ransoms are also beginning to occur in countries where kidnappers’ targeting patterns and modus operandi are less sophisticated. As concern starts to grow over the development of the threat, the majority of kidnappers will lack the necessary technical sophistication and are unlikely to move with any haste towards demanding crypto-ransom payments.

Future threat development 

The unregulated and perceived anonymous nature of cryptocurrencies continues to attract the attention of organised criminal groups, particularly those involved in drug trafficking and money laundering. However, it has yet to fully permeate the kidnap-for-ransom world. 

The fact that cryptocurrencies are unregulated and that law-enforcement agencies cannot easily monitor transactions, identify wallet holders or freeze crypto-wallets in the way they can freeze other assets is very attractive to kidnappers. However, using sophisticated forensic techniques, law enforcement agencies are catching up with these challenges. Several high-profile cases involving crypto-ransoms have ended in the prosecution of the perpetrators. 

A more immediate impediment to the growth in crypto-ransoms is that cryptocurrencies are impractical for kidnappers on several levels. Many kidnaps-for-ransom occur in countries or areas of countries where access to the internet is limited or even non-existent and where crypto-literacy levels remain low. Equally, kidnappers in the traditional hotspots face the very real problem of how to “cash out” their cryptocurrency ransom to be able to buy goods and cover other associated costs. Lastly, while the ransom sits in a crypto wallet, the kidnappers run the risk of devaluation in the exchange rate, or even theft by other criminals. 

Kidnappers will not overcome these issues until the use of cryptocurrencies becomes much more mainstream. However, at that point these currencies will likely be heavily regulated, losing their anonymous nature and their appeal to kidnappers altogether. 

How can businesses prepare themselves?

The high rates of cryptocurrency theft, the volatility of each currency’s value and the number of cryptocurrencies available all pose issues for businesses seeking to prepare themselves for the eventuality of a crypto-ransom kidnap. 

Those considering purchasing cryptocurrencies in anticipation of such a kidnap face a number of risks. In January 2018, cybercriminals stole more than USD 530m-worth of cryptocurrency from the Tokyo-based Coincheck Inc cryptocurrency exchange in what is believed to be the largest single theft since the launch of Bitcoin in 2009. Many more such instances have occurred. Furthermore, the value of these currencies is extremely volatile, meaning that businesses that invest may have to account for huge financial losses, either from theft or exchange rate fluctuations, or indeed large financial gains. In January 2017, the price of Bitcoin traded between USD 930 and USD 978. In December that year, the rate climbed to nearly USD 20,000. However, more closely linked to the management of a kidnap case is the fact that, while a business may choose to invest in Bitcoin, the perpetrators could demand a ransom in another cryptocurrency such as Ethereum.  

Instead of purchasing cryptocurrencies in anticipation of a rare crypto-ransom event, a focus on maintaining up-to-date, reliable intelligence and insights into kidnapping trends and crisis management best practice – including a clear understanding of the process involved in setting up cryptocurrency wallets – will ensure better preparedness in the event of any kidnap. 

Future proofing kidnap preparedness 

The emergence of cryptocurrencies in ransom demands around the world provides a new dynamic to an already complex threat, raising the question: how should businesses prepare? The foundational principles of effective critical incident management – proper preparation and effective response - still apply in crypto-ransom cases, and companies should continue to invest in those principles. Rather than gamble on taking the many risks associated with Cryptocurrency investment, businesses would do better to familiarise themselves with the cryptocurrency system and the technical capabilities required to navigate it, understanding that opening a crypto-wallet is a relatively quick process and achievable within the timelines associated with safe and successful kidnap resolution. Understanding the evolving threat and knowing how to address it will remain vital for risk mitigation as well as incident response.