Earlier this year it was revealed that blue chip companies were hoarding bitcoins in order to pay cyber ransoms.
The anonymity of Bitcoin appeals to cyber criminals because it cannot be traced, making the virtual currency a sought-after prize.
The reason blue chip companies and banks are going down this appeasement route is simple: it is cheaper to pay the cyber criminals than risk the devastation caused by IT failures and data leaks.
Is this the best practice, however, for businesses within any vertical when it comes to preparing for ransomware attacks: pay or fight?
Why pay the ransom?
Recent attacks on popular websites, like Twitter, Reddit, Spotify and Amazon, have forced many organisations’ hand.
The same source code used to cripple these sites – the Mirai botnet, which was released online this month under the alias Anna-senpai – has been used to threaten other businesses and banks into paying the bitcoin ransom or facing the same crippling attacks.
It works by seizing control of connected devices – effectively zombifying them – and once enough are controlled they unleash hell on whatever site has been targeted.
The problem is that the number of connected devices keeps growing. Gartner estimates the number of devices connected by the Internet of Things could rise to 20 billion by 2020. They are growing exponentially and so is the threat.
Dr Simon Moores, a former technology ambassador for the UK government and chair of the annual international e-Crime Congress, said the growing scale and evolving ferocity of the attacks has changed some banks’ stance on paying ransom demands.
He declined to identify the banks buying up bitcoins but suggests the police have been made aware of the practice.
“The police will concede that they don’t have the resources available to deal with this because of the significant growth in the number of attacks,” Moores said.
“From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack, when law enforcement perhaps might not be able to assist them at the speed with which they need to put themselves back in business.”
Current organisation consensus
Earlier this year, when it was revealed blue chip companies were stockpiling bitcoins, research was commissioned by Citrix and carried out by Censuswide to glean further insights into their strategies to defend against cyber and ransomware attacks.
The survey polled 250 IT and security specialists in companies with 250 or more employees across the UK, and revealed 33% of UK companies are now building a ready stockpile of digital currency (for example, Bitcoin) in case of a ransomware attack.
Over 35% of large firms (those with over 2,000 employees) are willing to pay over £50,000 to regain access to important intellectual property (IP) or business critical data.
Smaller companies are more likely to keep a ready supply of cryptocurrency, such as Bitcoin, than larger businesses: over one in three (36%) of businesses with 250-500 employees store cryptocurrencies, while 57% of firms with 501-1000 employees have a stockpile of digital cash.
Interestingly, fewer than 1 in 5 (18%) businesses with more than 2,000 employees saw a need for building their digital currency stockpiles.
The landscape is changing
“Big companies are now starting to worry that an attack is no longer an information security issue, it’s a board and shareholder and customer confidence issue,” Moores said.
“What we are seeing is the weaponisation of these [hacking] tools. It becomes a much broader issue than businesses ever anticipated.”
In today’s global environment paying the fine may appeal as the lesser of two evils.
For example, would telecoms provider TalkTalk rather have paid a ransom, or lost 101,000 customers and suffered fines of £60 million as a result of a cyber attack last year?
Distributed denial of service (DDoS) attacks are growing.
This year, with the release of the malicious Mirai source code, 600 gigabits of data a second have been directed at online targets. This constant malicious hammering of data is more than enough to bring a website down.
The situation is becoming severe.
“Once it goes above a terabit [a second],” says Moores, “that wipes out any protection. No current protection systems can deal with that sort of flood.”
The scale of ransomware attacks is an industry-wide problem, and paying the bitcoin ransom may mitigate the risk.
However, what is to stop the attackers from asking for more digital money and downing the IT anyway?
It is a precarious game.
The alternative to paying a ransom is to beef up cyber security.
“In order to avoid such potential losses,” suggests Chris Mayers, chief security architect at Citrix, “businesses must commit to the most robust cyber security techniques, including end-to-end encryption and app and desktop virtualisation, ensuring data is safely maintained away from devices and – most importantly – away from the hands of cyber-attackers.”
Paying the bitcoin ransom should not be the answer.
Moores predicts that the unprecedented rate of devices becoming connected means that IT security systems, no matter how sophisticated or encrypted, will be unable to defend against this type of ransomware attack.
He suggests a watershed moment is on the horizon, similar to the “Lehman Brothers moment” in the financial crisis.
Paying the ransom might be the only viable solution.