Companies Are Stockpiling Bitcoin To Quickly Pay Off Ransomware Criminals

New research conducted by Citrix indicates that some businesses are stockpiling Bitcoins so they can pay cybercriminals fast in case of ransomware attacks.

New research conducted by Citrix, a corporate networking company, indicates that some businesses are stockpiling Bitcoins so they can pay cybercriminals fast, if their data is held ransom by malicious software. Ransomware has victimized vast numbers of individuals and businesses in recent years. “Many of them, including police departments and hospitals, have opted to pay up to get their data back”, according to MIT Technology Review.

According to the study, one-third of companies surveyed admitted to stockpiling Bitcoins. The survey was conducted on a sample of 250 IT and security workers at U.K. companies with more than 250 employees. Additionally, approximately half of the respondents in the Citrix study said that company data was not being backed up at least daily, even though security experts advise that backing up data is the best defense against ransomware. Many experts also discourage paying off ransomware weilding criminals, because it further enables the ransomware industry.

Even so, the trend towards stockpiling Bitcoins continues. A researcher at Cornell University recently posted a tweet on Twitter stating that the university’s treasurer had created an account with Bitcoin exchange, Coinbase. Holding Bitcoin in reserve could save crucial time in the event of a ransomware attack, especially during attacks on medical facilities.

But, what does the FBI advise? Joseph Bonavolonta, Assistant Special Agent in Charge of the Cyber and Counterintelligence Program in the FBI’s Boston office, reportedly said:

“The ransomware is that good… To be honest, we often advise people just to pay the ransom.”

According to Naked Security, Bonavolonta was also quoted as saying “the easiest thing may be to just pay the ransom,” and the “overwhelming majority of institutions just pay the ransom.”

Moreover, even police departments that have had their files scrambled by ransomware have paid to get the files back. Such was the case with a sheriff’s office in Tennessee and a municipal police department in Massachusetts.

Bonavolonta’s advice aside, the FBI’s official stance on ransomware doesn’t explicitly mention paying ransom at all. The FBI’s ransomware information page advises that victims contact the FBI. An FBI spokesperson, however, sent Naked Security the following statement:

“The FBI doesn’t make recommendations to companies; instead, the Bureau explains what the options are for businesses that are affected and how it’s up to individual companies to decide for themselves the best way to proceed. That is, either revert to back up systems, contact a security professional, or pay.”

With ransomware attacks on a sharp increase, it is encouraging to note that the DEF CON hacker conference will be featuring the concept of hackers and doctors working together to address problems in the medical field, including ransomware. Sometimes the physician and the hacker are one in the same person, as is the case with Christian “quaddi” Dameff, MD and Jeff “r3plicant” Tully, MD who will be presenting at the upcoming annual DEF CON conference.

These two hackers, who are also doctors, explain that:

“Far from the button-down sense of proprietary that suffuses academic medical meetings, DEF CON is permeated with a sense of wild possibility, creativity, and diversity. DEF CON prides itself on welcoming hackers from all walks of life. This mixture of knowledge, experience, and spirit brews a unique form of creative problem solving, and that’s exactly what we’re looking for now.

We feel, however, that we’re on the cusp of an entirely new sea of problems that affect not just the manipulation of medical information or the systems that we use to deliver care but that alter human physiology itself, in ways that can be both incredibly destructive and alien to the vast majority of the medical profession. We’ll continue to speak about this issue going forward, but safe to say we firmly believe that medicine is in great need of hackers who will hard today to solve the medical problems of tomorrow.

And that’s why we applaud DEF CON for allowing non-traditional hackers to voice such calls to action. Our world is beset by an ever-growing number of serious threats, and international collaboration between motivated, innovative hackers working to address these challenges may be just what the doctor ordered.”

DEF CON, a conference featuring demonstrations, lectures and presentations regarding the most cutting-edge computer security issues, takes place on August 4-7 at Paris & Bally’s in Las Vegas. You will need to tighten up your OpSec for this conference–some tips from last year’s conference.

As for potential victims of ransomware, it is unclear exactly how many companies are setting aside emergency ransom funds because it is not something it would be wise to admit to publicly. As MIT Technology Review points out, “acknowledging that you are ready to pay—and perhaps don’t have a good backup system—could attract the attacks this policy is designed to handle.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Bitcoin, Ransomware)