It is nothing new that the cryptocurrency bitcoin has been used regularly in ransomware attacks as a means for hackers to secure anonymous payments from their targets. What is new, however, is that major banks have now started to stockpile bitcoin in order to mitigate potential future ransomware attacks by cyber criminals. Many businesses have concluded that it is simply cheaper to pay the ransom as opposed to dealing with the financial and reputational consequences of a security breach or loss of data.
Ransomware, which refers to malicious software designed to block access to a computer system or data until a ransom has been paid, has been around since the 1980s. However, ransomware attacks have increased substantially in recent years and are expected to increase as encryption software has improved as well as due to the increasing popularity of pseudonymous cryptocurrencies, such as bitcoin, which facilitate ransom payments for hackers.
According to the U.S. Department of Justice, ransomware attacks in the United States average 4,000 a day, while the ransoms usually range anywhere between $500 to $1,000, according to cybersecurity firm Cyence. Is the simultaneous rise of bitcoin and ransomware attacks linked together or is it just a spurious relationship? David Emm, principal security researcher at Kaspersky Lab, responded in a ZDNET article, “It’s helping. […] The existence of effectively anonymized payment mechanisms definitely plays into the hands of cybercriminals.”
Banks are not the only businesses preparing for cyber-attack using bitcoin. Citrix and Consensuswide found in a survey that one in three UK companies have started to stockpile digital currencies, including bitcoin, in order to pay for potential future ransomware attacks. Further, over 35 percent of larger firms, that is those with over 2,000 employees, would be willing to pay over £50,000 to regain access to business critical business data and intellectual property.
While ransomware attacks have traditionally primarily affected private individuals and small companies, hackers have stepped up their game and are now targeting large corporations, government entities, and even hospitals.
The rise in large scale ransomware attacks have also led some of the largest banks in the UK’s City of London to conclude that they need to start stockpiling bitcoin so that they will be adequately equipped to deal with these types of cyber-attacks going forward.
Dr. Simon Moores, chair of the Annual International e-Crime Congress and former technology ambassador for the UK government, stated that several UK-based banks are of the opinion that it is simply cheaper to pay off cyber criminals rather than risk an attack.
“From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack, when law enforcement perhaps might not be able to assist them at the speed with which they need to put themselves back in business.”
Industry experts such as leading cyber security firm Symantec, however, disagrees with this approach. According to the firm’s CTO Robert Shaker II, companies who pay ransomware attackers will end up “on a payer’s list,” which means other hackers will specifically target these companies with the expectation of also receiving ransom payments. Furthermore, paying the ransom in no way guarantees that the company’s encrypted data will be released again as hackers can easily come back and ask for more money or only release small amounts of affected data at the time. Symantec recommends not paying ransomware attackers. Instead, companies should have adequate data back-ups in place, acquire cyber insurance and consult a technology investigator in the case of an attack.
It is somewhat ironic that banks, who have mostly been very anti-bitcoin from the start as the use of decentralized digital currencies are a growing threat to their existing business models, are now hoarding bitcoins to mitigate potential future ransomware attacks. Instead of embracing the world’s only truly stateless and global currency, banks have dismissed it and have even closed down bitcoin businesses’ bank accounts as the threat of global bitcoin adoption affecting future banking profitability is becoming more tangible every day.
Whether the announcement that banks are potentially willing to pay off hackers in ransomware attacks will end up attracting more cyber attacks or not will remain to be seen.