Should businesses prepare for ransomware with a cryptocurrency stash?

An increasing number of enterprises are considering pre-purchasing cryptocurrency in anticipation of potential ransomware attacks. But is this a valid risk-reduction strategy for enterprises?

To get some views on this controversial issue, we spoke with Mike Doran, senior security consultant with the enterprise incident management team at cybersecurity specialist Optiv, and former computer forensics examiner with the St. Louis Metropolitan Police Department.

BN: Explain to us what you’re seeing out in the real world relative to enterprises and cryptocurrency.

MD: Ransomware has become so prevalent that it has become a standard part of the tabletop exercises we do with clients to optimize their incident response processes. What we’ve also noticed is that an increasing number of CISOs are asking us if they should be acquiring cryptocurrency in the event they find themselves victims of a ransomware attack.

BN: And what’s your response to those questions?

MD: It’s interesting: sometimes these questions arise during our CISO forums or tabletop exercises, and invariably they are met by a chorus of ‘No!’ from other CISOs. Keeping cryptocurrency on hand can create multiple problems — first, it indicates you are ready to pay a ransom. Second, if information gets out that you have cryptocurrency on hand, it makes you a potential target for hackers. It is far better to take the steps needed to rationalize your infrastructure and optimize operations, so ransomware never infects your environment in the first place.

BN: So why would an enterprise pre-buy cryptocurrency?

MD: The obvious answer is so it can pay a ransom quickly should it fall victim to a ransomware attack, thus mitigating the length of time data is held ransom. Businesses also do it to get the best price they can on the cryptocurrency — there are so many exchanges on the internet that this can be a complex process, and, as we all know, cryptocurrency prices fluctuate on a daily basis. Pre-buying cryptocurrency enables enterprises to lock in a good price and have it at the ready, should they need it.

BN: Do you believe this is a valid strategy for preparing for a ransomware attack?

MD: I worked in law enforcement for a long time before joining Optiv, so my sentiments gravitate to the FBI’s view, which recommends that enterprises not pay ransoms. The reasons for this are fourfold:

• First, paying ransom perpetuates the problem. If nobody paid ransoms, cybercriminals would move on to another exploit technique.
• Second, enterprises should be taking a proactive, not reactionary, approach and doing the up-front work required to mitigate potential ransomware attacks. If you’re going to invest money, it would be better spent on implementing strategies and technology for protecting against ransomware, rather than paying off ransoms.
• Third, holding a stash of cryptocurrency increases enterprise risk, because it makes you a target for hackers looking to steal it. This is why many companies taking this approach will use third parties to hold their cryptocurrency wallets.
• And lastly, paying ransom doesn’t always work. Just because a company pays the ransom, they are not assured they will obtain a decryption key for their data. Moreover, there is no assurance that should a company pay the ransom and receive a decryption key, they are getting the only copy of their data back.

That said, if you’re a large enterprise that’s been paralyzed because your network is being held ransom, paying it may be your last resort. For example, if you’re a hospital with patients’ lives on the line, or an eCommerce business losing millions of dollars per minute, and you’ve tried everything to restore normal operations and nothing has worked, paying the ransom might be ‘worth it’ in the short- and long-term.

This is why when people ask me about ransomware, I tell them I take a neutral stance on the issue. You absolutely should do everything you can to avoid having an attack take down your business, but if everything fails and you’re having an ‘Alamo moment’, you may have no choice but to pay. But this choice should be discussed heavily internally to ensure that this is the best course of action given the gravity of the situation. It will always be a risky proposition though, because the people you’re paying off may not hold up their end of the bargain.

BN: How do you go about paying a ransom?

MD: The hackers usually make their demands and provide the victim with the address of a cryptocurrency wallet. From there, it’s a simple cryptocurrency transfer from one wallet to another, with the exchange occurring instantaneously. Once the transfer is complete, the hacker will typically launder the currency through one of the many cryptocurrency laundering sites on the internet, and then shut down the payment address. At that point, it becomes incredibly difficult to ever track down the hacker.

BN: Some legitimate businesses have announced that they now accept Bitcoin payments. Does this mean cryptocurrency is going mainstream?

MD: You’re right — a number of household name companies now accept Bitcoin. This is an interesting question, because Bitcoin was initially designed to circumnavigate the financial system, eliminating the need for a trusted third party. Others are trying to create cryptocurrencies for legitimate purposes. However, because of the DarkNet and the crimes associated with it and Bitcoin, most people are still of the opinion that cryptocurrency is associated with illegal activity. One thing is for certain though — the government will eventually step in and formally regulate cryptocurrency, which will likely make the value plummet. However, that regulation will also help to shed the malicious veneer that coats cryptocurrency today.

Author: Ian Barker

Well, well, well. Crime does pay: Ransomware creeps let off with community service

Dutch court goes easy on Coinvault duo

Two men who masterminded various Coinvault ransomware infections will carry out 240 hours of community service as punishment for screwing over 1,200 computers and banking around €10,000 (£9k, $12k) in profit.

The sentence was handed down by a court in Rotterdam, in the Netherlands, where it was ruled brothers Melvin and Dennis van den B. had earned leniency based on their cooperation with police, lack of a criminal record, and young ages at the time they were collared in 2015. Melvin was 22 and Dennis 18 at the time of their arrest.

Prosecutors had asked they receive a year in prison in addition to the 240 hours of community service.

Coinvault surfaced in 2014 as a high-profile file-scrambling malware. The software encrypted victims’ documents, and demanded they pay a ransom of one Bitcoin (worth a few hundred Euros at the time) to restore access to their data.

While the pair was only charged with infecting 1,259 machines, researchers have estimated that the actual number of PCs hit with the malware was more like 14,000, with victims in more than 20 countries.

It was claimed in court that about 100 people coughed up the ransom demands before antivirus makers were able to develop a decryption tool to unscramble hostage files. The malware would only be eradicated fully in 2015 when the brothers were arrested and the full decryption keys were recovered.

Interestingly, it was the pair’s Dutch nationality that brought them down. Researchers were able to pinpoint the locality of the authors to the Netherlands after finding snippets of the code containing “flawless Dutch phrases” that are usually only bandied about by native speakers of the notoriously difficult language.

Kaspersky Lab, who helped lead the investigation and eventual takedown of Coinvault, said that, despite the lenient sentence, the ultimate takeaway from the three-year ordeal should be that, in the end, extortionists get caught.

“Cybercrime doesn’t pay,” said Kaspersky Lab researcher Jornt van der Wiel. “If you become a victim of criminal or ransomware activity, keep your files and report the incident to the police. Never pay the ransom and be confident that not only will the decryption tool appear, but also that justice will triumph in regards to the criminals.”

Author: Shaun Nichols