“Can I buy a bitcoin from you?” This is often how the conversation begins when we’re contacted by business owners who have been hit with a ransomware attack.
As one of the leading crypto-ransomware incident response organizations in the southeast, we unfortunately get asked this question on a regular basis. Every time we’re asked this, we cry a little inside. Today, ransomware is impacting an increasing number of smaller businesses as attackers – cybercriminals – prey on less secure organizations. Don’t know what a bitcoin is or where to get one? Don’t worry, we’ve got that handled. Want to learn more about Bitcoin, or cryptocurrency in general? Check out this excellent piece by Harold Stark over at Forbes. Still not convinced that this cryptocurrency thing has legs? Bitcoin alone has over 100 Billion (Yes, with a B) in market capitalization. This is the currency of the attackers. It’s largely untraceable, is not tied to any government, is fully portable across political borders, and can be easily exchanged in most countries for a fiat currency.
If your organization is impacted, should you pay? Well, that depends on the situation and technical specifics of the attack.
In general, CIT stands in solidarity with the FBI and recommends not paying the ransom. However, each and every situation is unique. Employing proper containment, diagnostic, and communications protocols is essential in every ransomware incident. We’ve posted several videos about this topic. In general, the rate (and respective sophistication) of ransomware attacks in the wild follows the value of the Bitcoin currency. We encourage organizations of all sizes to think like a hacker / attacker / cybercriminal, to never assume they are too small to be targeted (or become a victim), and to employ a layered defensive strategy. If you’ve found yourself the unfortunate victim of a cyber-criminal ransomware (or extortion) attack, contact us or another qualified and experienced ransomware incident response organization. The experiences we’ve had will make a positive difference to your outcome.
If you’re ready to strike out on your own and buy some Bitcoin (BTC) to pay that ransom, head over to Coinbase, localbitcoins.com, or bitcoin.info to set up a wallet and get started. We like these exchanges only because they are reputable and can deliver on their promises. Cryptocurrency is like the Wild West: it’s still largely unregulated and has unscrupulous businesses posing as legitimate organizations. Exercise caution and a “buyer beware” attitude.
Before you buy those Bitcoins, be aware that this course of action may not be covered under your business insurance or even cyber-liability insurance policy. Contact your insurance carrier before forking over the cash for some cryptocurrency. Not only might they not cover your loss, you may be faced with a loss of data. Consider what happens if the attackers fail to deliver on their promise to decrypt your data. Require the attacker to prove their ability to decrypt your data. This is most commonly done by sending a sample file for them to decrypt. Lastly, keep in mind that all of your communication with the attackers may be needed in a criminal or insurance investigation. They are committing a criminal act after all. Choosing how, from where, and when to communicate with the bad guys is a critical step in successfully recovering from a crypto-ransomware attack.
The age-old saying “an ounce of prevention is worth a pound of cure” applies to this situation. Keeping your I.T. house in order really pays dividends when contrasted against the scourge of ransomware. Maintaining exceptional data backups with Recovery Point Objectives (RPO) that permit your business to easily recover is one highly effective preventative strategy. A layered defensive strategy combined with exceptional threat detection is another mitigation approach proven to yield big dividends. As attackers target smaller businesses, the paradoxical question of “to pay or not to pay” will undoubtedly continue to be asked. We challenge you to take preventative steps and change the question to one irrelevant to your organization.
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.
Contact us to learn more and let us show you how good I.T. can be!