In an uncertain world where kidnapping for ransom is an all too common occurrence, many hostage negotiators use the no-concession policy. They justify this position by explaining that paying a ransom makes it more likely that the perpetrators will try it again and often times the ransom is used to fund illegal or terrorist organizations.
Although I have seen very little empirical evidence to prove that this no-concesion approach is more desirable than paying the ransom, this mentality was brought into the digital age when cyber-ransoms, cyber-extortions and crypto-malware became prevalent.
More and more companies though have started to take a different approach and are now prepared to pay ransom in exchange for saving their networks, devices and information. To meet these demands quickly, some companies have started to store bitcoin as a risk mitigation strategy.
Why this change of heart? Many of the most popular well written malware was actually designed to ensure victims could recover their data when the ransom was paid. This attention to detail and solid customer service by the bad guys, means victims are now relatively certain that they will be saved if they pay the ransom.
Sure paying the ransom means funding organized crime and will likely fuel the next wave of crypto-malware but companies have a duty to protect their organization (rather than take the moral high ground).
This change in mindset is so pronounced that traditional physical K&R (kidnap & ransom) negotiation experts have started to test the cyber-extortion and cyber-ransomware negotiation space.
True verifiable numbers are hard to find but firms like Recorded Future ( a cyber intelligence company) has stated that it believes the cyber-ransom market has now reached the 1B$ mark. Kaspersky says a company is cyber-attacked every 40 seconds.
Obviously crypto-malware can be counter-acted by proper, regular offline backups but many companies don’t start a robust recovery program until it’s too late. They either pay the ransom or lose their data. Its that plain and simple.
Right now the advantage is with the attacker. Corporate information security groups have to bat 100% to keep the company safe. This is expensive, time consuming and not always achievable. The attacker just need to infect 1 machine on the network and then can propagate and move laterally from there.
Companies have started to jump on the Ransomware protection bandwagon. An EDR &”next-generation AV” company called Cybereason offers a free product called RansomFree. They claim it protects against 99% of ransomware by monitoring how applications interact with files on your computer. Did I mention RansomFree is free? I haven’t used their product and thus can’t recommend it but it does seem to be useful and could really help the average consumer ensure they don’t end up getting victimized.
It is clear that this malware is written by extremely skilled and determined threat actors. This isn’t code written in somebody’s basement but rather a professional extortion company with developers, quality assurance and even customer support to ensure a paying customer is taken care of.
So the question is will your company prepare by buying and storing bitcoin? If you will, how much should you store? that is the new question.