Looks like the hackers aren't very updated yet. Still asking to use Bitcoin when they know it can be traced back to them. Why not ask for Monero or something more anonymous?
If an address is used only once to send coins somewhere, it's fairly non-traceable. Besides that, it is basically asking the ransomed first to find a Bitcoin exchange, then to register with an altcoin exchange, in order to pay the ransom.
In other words, it would be extremely esoteric for them and the ransomed, and a mixer can still do the job for now.
That said, you've got a point about Monero ^^.
http://www.coindesk.com/catch-bitcoin-ransomer-inside-fbis-cyber-investigation-process/
"Because the address hasn't been used yet on the bitcoin blockchain," said Battaglia, "there’s not going to be any information I can get on the blockchain yet. But I can take the ransom note and plug it into IC3."
Even if a ransom isn’t paid, Battaglia indicated that his team will compare the ransom demand with those on file at IC3 to look for connections. In similar cases with similar demands, some victims may have decided to pay the ransom, resulting in possibly helpful data for the cases in which the ransom was not paid.
Addresses from victims who did pay are then processed by the FBI’s "blockchain tool" to generate a list of wallets associated with the same "entity" that issued the ransom demand. From the initial pool of addresses that paid, the FBI then searches for connections between the recipient wallet and its expenditures.
While initial data may be limited, as more of the funds are spent the tool accumulates more data, including from 'change addresses' that return satoshis or other denominations to the original recipient wallet.
"I might find that those transactions occur within another cluster of bitcoin addresses that I don’t know anything about," said Battaglia, "and my analysis tool doesn’t know anything about. But I can take those addresses, pull them out, plug them into our case management system."
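The quoted article does not say which heuristics the FBI's tool applies. As an added illustration (not part of the thread or the article), this sketch assumes the widely used common-input-ownership heuristic: addresses spent together as inputs of one transaction are attributed to one entity. All addresses and transactions are constructed.

```python
# Constructed sample data, not real blockchain records.
TXS = [
    {"inputs": ["victimA"], "outputs": ["ransom1"]},
    {"inputs": ["victimB"], "outputs": ["ransom2"]},
    {"inputs": ["victimC"], "outputs": ["ransom2"]},
    # Recipient spends two ransom addresses together and gets change back.
    {"inputs": ["ransom1", "ransom2"], "outputs": ["exchange_dep", "change1"]},
    # Later the change is co-spent with a ransom address, linking it too.
    {"inputs": ["change1", "ransom2"], "outputs": ["mixer_in"]},
    {"inputs": ["unrelated1"], "outputs": ["unrelated2"]},
]

def find(parent, addr):
    """Union-find lookup with path compression."""
    parent.setdefault(addr, addr)
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]
        addr = parent[addr]
    return addr

def build_clusters(txs):
    """Merge all input addresses of each transaction into one entity."""
    parent = {}
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            find(parent, addr)
        root = find(parent, tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(parent, addr)] = root
    return parent

def entity_of(txs, seed):
    """All addresses clustered with `seed` (e.g. an address from a ransom note)."""
    parent = build_clusters(txs)
    root = find(parent, seed)
    return {a for a in list(parent) if find(parent, a) == root}

def expenditures(txs, entity):
    """Addresses outside the entity that received funds from it."""
    paid = set()
    for tx in txs:
        if set(tx["inputs"]) & entity:
            paid.update(set(tx["outputs"]) - entity)
    return paid

if __name__ == "__main__":
    wallet = entity_of(TXS, "ransom1")
    print(sorted(wallet), sorted(expenditures(TXS, wallet)))
```

Running `entity_of` on only the first four transactions leaves `change1` outside the cluster; it joins once the fifth transaction spends it, which mirrors the article's point that the picture fills in as more funds are spent.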