Ransomware has become one of the biggest cyber threats to business, healthcare and government organisations in the past six months, but bitcoin tracking firm Chainalysis expects the tide to turn.

Cyber criminal gangs that extort money by encrypting data using malware or threatening distributed denial of service (DDoS) attacks typically demand payment in bitcoin so it cannot be traced.

But in the past two years, the Chainalysis startup has been selling its bitcoin-tracing technology to law enforcement agencies in the US, Europe and Asia.

“Expect to see some arrests soon as law enforcement agencies wrap up their investigations into several ransomware operations,” said Michael Gronager, CEO and co-founder of Chainalysis.

“The ransomware industry is probably worth more than $100bn (£76bn) a year, but hopefully our technology will help to reduce and contain that as people are arrested and sent to jail,” he told Computer Weekly.

There have already been some arrests as a result of law enforcement using the Chainalysis technology, said Gronager, relating to the cyber extortion gang known as DD4BC (DDoS for bitcoin).

“Bitcoin transactions used to be anonymous, but our software is capable of linking the source and recipient, so, in effect, bitcoin has become less anonymous than cash,” he said.

As Chainalysis software becomes more widely deployed, the number of jurisdictions in which cyber criminals can use bitcoins with impunity will be very limited, he said.

Mistake by hackers

Gronager believes the recent theft of about $66m worth of bitcoins from the Hong Kong-based Bitfinex exchange was a mistake by the hackers. “Whoever took those bitcoins has a bit of a problem because the minute they use them, we will be able to trace them,” he said. “It is a bit like sitting on a pile of marked banknotes.”

Chainalysis was founded by Gronager and two others working in the bitcoin exchange industry in response to the lack of tools to assess risks involved in bitcoin transactions. “Banks needed a monitoring tool to identify money-laundering activities and verify if bitcoin transactions were attached to legitimate business activities,” said Gronager, who is originally from Denmark. He and co-founders – fellow Dane Jan Moller (chief technology officer) and Briton Jonathan Levin (chief revenue officer) – set about building the tool, completing the work in just a few months.

Anti-money laundering

Although the tool was mainly aimed at providing anti-money-laundering systems for companies active in the blockchain and bitcoin space and financial institutions that provide banking services to the blockchain industry, the tool’s anti-cyber crime application soon became clear. Chainalysis began working with police in San Francisco on several investigations involving bitcoins, rapidly making wider contacts with law enforcement organisations in the US and elsewhere. As a result, law enforcement now accounts for a significant portion of Chainalysis’ customer base.

The company has since been involved in several high-profile cases, including investigations into the disappearance of £250m worth of bitcoins after the collapse of bitcoin exchange MtGox in 2014. Chainalysis software enables law enforcement agencies to follow traces of bitcoin to find the services that cyber criminals are using to convert bitcoin into cash or other digital currencies.

Criminals’ revenues

Using Chainalysis, police investigations can also establish connections between victims and estimate the criminals’ revenues. Although Gronager is unwilling to reveal the identity of its customers in law enforcement, he said more than half of the police forces in Europe were using Chainalysis software. “It is also a matter of public record that our customers include Europol in Europe and the FBI in the US,” he said.

Chainalysis began to grow its customer base in the banking industry after taking part in the Barclays accelerator programme in 2015 for fintech startups in partnership with incubator firm Techstars. “Working with Barclays has taught us how to engage with the enterprise market,” said Gronager.

Accelerator programme

“The accelerator programme also taught us how to raise investment and set up our headquarters in New York City, while Techstars has given us access to its global contacts and a network of several thousand startups, who have helped us to know how to work with certain investors,” he said.

According to Gronager, the Chainalysis software is essentially a search engine for blockchain ledgers, and he expects that to become an important revenue driver for the company in future. “In the longer term, we expect blockchain to underlie most financial transactions in future, especially as it can provide unprecedented transparency if you know where to look,” he said.

Chainalysis enables financial institutions to receive reports on the blockchain activity of their customers to raise alerts and issues. The software breaks down blockchain activity by different categories so financial institutions can assess the risk of doing business with each of their customers using bitcoin transactions, spot emerging threats from the deep web and investigate ransomware or extortion notes in-house.

In the US alone, Gronager said there had been about 5,000 suspicious activity reports about bitcoin transactions in the past year compared with none the year before because the technology did not exist then to enable financial institutions to see what was going on.