Companies keeping Bitcoin on hand in case of ransomware attacks

Sometimes it's the only option when you haven't made backups a priority…

Companies are stockpiling Bitcoin just in case they suffer a ransomware attack and need to quickly regain access to their data.

In 2016, Citrix found that a third of British companies maintained contingency reserves of Bitcoin. More than half (57 percent) of companies with between 501 and 1,000 employees said they kept this digital currency on hand.

By comparison, only 36 percent of organizations with between 250 and 500 employees and less than a fifth (18 percent) of companies with over 2,000 employees said they stored Bitcoin.

[Chart: A third of UK companies stockpiled digital currency in 2016. Source: NBC News]

Emergency caches such as these do ensure organizations can "regain access to important intellectual property or business critical data" in the event they suffer an extortion-based attack like ransomware. After all, most ransomware infections and Bitcoin go hand in hand. Bob Wice of Beazley Group elaborated on this point for NBC News:

"Part of the everyday ransomware demand is Bitcoin, because it's easy to get and it's the currency of choice for the criminal underground."

Companies got to witness computer criminals' preference for Bitcoin firsthand on 12 May when an updated version of WannaCry ransomware swept the United Kingdom's National Health Service (NHS), Telefonica, and other organizations using an exploit for a Windows vulnerability. (The NSA developed the attack code, which the Shadow Brokers hacker group eventually obtained and leaked online.)

By 15 May, the ransomware had swept across 150 countries and claimed more than 200,000 victims. Every affected machine displayed the same demands: $300 in Bitcoin.

WannaCry ransom note.

It makes sense that organizations would want to be prepared for ransomware attacks. Dr. Simon Moores, Britain's former technology ambassador and chairman of the annual international e-Crime Congress, clarified this perspective:

"I've often heard expressed that intelligence agencies and law enforcement act on a reactive basis. Once it's into your system, there's not much they can do about it.... It's all well and good to catch up to the actors and prosecute them, but that doesn't help you if you happen to be a financial institution or a business and data is mission critical."

True. But businesses realize there are risks other than ransomware that threaten their "mission critical" data, right? One of their production servers could crash, or a fire could damage their data center. How could companies recover if a non-ransomware incident affected their data?

The answer isn't obvious. Citrix observed in 2016 that a third of UK companies didn't back up their data. This is a HUGE missed opportunity. With data backups, organizations not only have hope of restoring their data if an asset goes down or if they experience a physical disaster; they can also recover from a ransomware incident without paying the ransom.

If your company doesn't back up its mission critical data, you should begin doing so ASAP. Here is a great place to start.

One Response

  1. M. Sirrell

    May 22, 2017 at 12:31 pm #

    But businesses realize there are risks other than ransomware that threaten their "mission critical" data, right? One of their production servers could crash, or a fire could damage their data center. How could companies recover if a non-ransomware incident affected their data?

    DR / BCP.
