Ransomwares are as old as internet. They've always been around, and they have no more power than they had before bitcoin.
It's not as old as the internet, but you're right that it is pretty old - the first was in 1989. They have far more power now though, because of bitcoin.
Typically, the best way to shut down ransomware criminals is to use the payment method as an attack vector. Shut down the payment vector, shut down the motivation for the person or organization trying to extort people that way. Cryptolocker currently accepts bitcoin and Greendot Moneypak. The latter vector is going to get shut down, because it's via a centralized system owned by a company that has executives who don't want to go to jail for money laundering.
You can't just shut down the bitcoin vector in the same way though, as we all know. And that makes bitcoin the not-so-secret weapon that ransomware is going to exploit to hell and back. Just think for a minute how many people's computers are zombie'd/slaved or otherwise infected with viruses. Now add a very lucrative, direct way to collect money from individual victims, in an essentially anonymous way (if they're careful). I don't know about you, but I think that sound in the distance is half the black hat hackers in the world's drool collectively hitting the floor.
And even if you are right, Ipsum, can you PLEASE explain to me how redlisting coins would help fighting CryptoLocker copycats ?
Well, Mike's a very smart guy, and an expert in security, so I may not understand his proposal with precision, but I'm pretty sure the outrage on this thread is a result of people just flying off the handle for no good reason. To be very clear, he's calling it a red list specifically because it's not the same as a blacklist. He's not proposing auto-filtering out 'tainted' coins. Here's the short summary:
"Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet."
This is basically a reputation service. There could be many of them, though it's a network on top of a network, so I'd have to imagine the network effect is pretty huge in terms of winner-takes-all.
He had written more about it here earlier:
https://bitcointalk.org/index.php?topic=157130.60And to be clear, he's not even proposing it. He's just pointing out that there is a potentially huge problem with cryptolocker and other methods of clear crime (I don't know anyone who thinks extortion is ok, vs Silk Road, where there's legitimate debate) where what bitcoin does is completely shut down the attack vector law enforcement can most easily use to shut down the incentive to commit the crime.
Neither I nor Mike nor anyone else know what the solution (if there is one) to the problem is, but it certainly deserves discussion, and redlisting is one idea. That's all his post was. A discussion. Blacklisting (distinct from and way worse than redlisting) would be completely off the table for everyone I know in the Foundation, for what it's worth.