header-image
Security Policies

InfoShot: Are companies hoarding Bitcoins as ransomware insurance?

Ransomware – the act of infecting a network, often via email, then encrypting files or devices before demanding a ransom - became a billion-dollar industry in 2016. There was a threefold increase in the number of ransomware attacks between 2015 and 2016, according to Kaspersky.

The likes of Locky, Cryptowall, CryptXXX, and Cerber each brought in over $50 million last year, usually in the form of cryptocurrencies such as Bitcoin, which brings up the question: should companies stockpile Bitcoins as an insurance policy against ransomware?

The FBI and most cyber-experts advise that companies shouldn’t pay the ransom. However, that hasn’t stopped many companies actually making investments in cryptocurrencies. In a recent interview with IDG Connect, Malwarebytes CEO Marcin Kleczynski admitted many CISOs he had spoken to had Bitcoins ready to deploy if necessary, often in “substantial amounts.”

A recent Citrix study found that 42% of UK companies apparently have a stockpile of digital currencies ready in case of a ransomware attack, up from 33% of companies the year before. The average company stash was 23 bitcoins (valued at around $69,000). A third of those companies hoarding have more than 30 bitcoins (valued at around $90,000) to hand.

Interestingly, the study also suggested companies with less than 1,000 employees were more likely to have a cryptocurrency stash than larger ones with 1,000+ employees. This may well be because larger companies are more likely to have backups and security in place which make ransomware less effective.

James Lyne, Global Head of Security Research at Sophos, however, is wary of such planning.

“I’m not saying maybe it's not a good idea for a big business to have that option, given some ransomware has an unlock timer that starts deleting files very quickly. But banking on it as your strategy I think is terrible advice.”

He warns that while many criminals do release your files after payment, there’s no guarantee, and can often invite a second attempt at an attack since they know you’re willing to pay.

12-07-17-are-companies-hoarding-bitcoins-as-ransomware-insurance

PREVIOUS ARTICLE

« Containers: Everything you need to know

NEXT ARTICLE

Forget Apple vs. Uber: Electric cars from China will be the real economic disruptor »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?