Fearing hackers, U.S. firms hoard bitcoin for ransoms
As threats mount, companies plan to pay to get data back.
U.S. corporations that have long resisted bending to the demands of computer hackers who take their networks hostage are increasingly stockpiling bitcoin, the digital currency, so that they can quickly meet ransom demands rather than lose valuable corporate data.
The companies are responding to cybersecurity experts who recently have changed their advice on how to deal with the growing problem of extortionists taking control of the computers.
“It’s a moral dilemma. If you pay, you are helping the bad guys,” said Paula Long, chief executive of DataGravity, a Nashua, N.H., company that helps clients secure corporate data. But, she said, “You can’t go to the moral high ground and put your company at risk.”
“A lot of companies are doing that as part of their incident-response planning,” said Chris Pogue, chief information security officer at Nuix, a company that provides information management technologies. “They are setting up bitcoin wallets.”
Pogue said he believed thousands of U.S. companies had prepared strategies for dealing with hacker extortion demands, and numerous law firms have stepped in to facilitate negotiations with hackers, many of whom operate from the other side of the globe.
Symantec, a Mountain View, Calif., company that makes security and storage software, estimates that ransom demands to companies average between $10,000 and $75,000 for hackers to provide keys to decrypt frozen networks. Individuals whose computers get hit pay as little as $100 to $300 to unlock their encrypted files.
Companies that analyze cyber threats say the use of ransomware has exploded, and payments have soared. Recorded Future, a Somerville, Mass., threat intelligence firm, says ransom payments skyrocketed 4,000 percent last year, reaching $1 billion. Another firm, Kaspersky Lab, estimates that a new business is attacked with ransomware every 40 seconds.
“If you’re hit by ransomware today, you have only two options: You either pay the criminals or you lose your data,” said Raj Samani, chief technical officer at Intel Security for Europe, the Middle East and Africa. “We underestimated the scale of the issue.”
Hackers often send out email with tainted hyperlinks to broad targets, say, an entire company. All it takes is one computer user in a company to click on the infected link to allow hackers to get a foothold in the broader network, leading to hostile encryption.
“At least one employee will click on anything,” said Robert Gibbons, chief technology officer at Datto, a Connecticut company that offers digital disaster recovery services.
Law enforcement counsels U.S. businesses not to succumb to ransom demands, urging them to keep backup copies of their data.
But practical considerations are dictating a different approach. “It’s an option to pay the ransom to get back up and running. Sometimes it’s the only option,” said Leo Taddeo, chief security officer for Cryptzone, a Waltham, Mass., company that provides network security.