InfoShot: Are companies hoarding Bitcoins as ransomware insurance?

Ransomware – the act of infecting a network, often via email, then encrypting files or devices before demanding a ransom – became a billion-dollar industry in 2016. There was a threefold increase in the number of ransomware attacks between 2015 and 2016, according to Kaspersky.

The likes of Locky, Cryptowall, CryptXXX, and Cerber each brought in over $50 million last year, usually in the form of cryptocurrencies such as Bitcoin, which brings up the question: should companies stockpile Bitcoins as an insurance policy against ransomware?

The FBI and most cyber-experts advise that companies shouldn’t pay the ransom. However, that hasn’t stopped many companies from actually making investments in cryptocurrencies. In a recent interview with IDG Connect, Malwarebytes CEO Marcin Kleczynski admitted many CISOs he had spoken to had Bitcoins ready to deploy if necessary, often in “substantial amounts.”

A recent Citrix study found that 42% of UK companies apparently have a stockpile of digital currencies ready in case of a ransomware attack, up from 33% of companies the year before. The average company stash was 23 bitcoins (valued at around $69,000). A third of those companies hoarding have more than 30 bitcoins (valued at around $90,000) to hand.

Interestingly, the study also suggested companies with fewer than 1,000 employees were more likely to have a cryptocurrency stash than larger ones with 1,000+ employees. This may well be because larger companies are more likely to have backups and security in place that make ransomware less effective.

James Lyne, Global Head of Security Research at Sophos, however, is wary of such planning.

“I’m not saying maybe it's not a good idea for a big business to have that option, given some ransomware has an unlock timer that starts deleting files very quickly. But banking on it as your strategy I think is terrible advice.”

He warns that while many criminals do release your files after payment, there’s no guarantee, and paying can often invite a second attempt at an attack since they know you’re willing to pay.


