Bitcoin and Paying Ransom to Cyber Criminals

Imagine coming into the office one day to find all of your business data completely unreadable or unusable, and in order to get it back, someone is politely asking for payment of one or two bitcoins.

Your first thought may be “wow, these cyber-thugs are very nice.” Your second might likely be, “what on earth is a Bitcoin?” Bitcoin is an anonymous online currency; it’s like cash on the internet. Although Bitcoin was created in 2009 – and gained momentum among small groups of investors, Internet activists, and computer science geeks – Bitcoin has become somewhat of a household name over the last year thanks to criminals.

Their game is cyber extortion and Bitcoin is their currency of choice. Or you can call it “ransom.” Here’s how the scheme works: Criminal organizations, demonstrating their technical skills and business prowess, created a new type of malicious software which encrypts any files it can access and then demands a ransom be paid in order to unencrypt them. For unfortunate businesses who don’t have a rock-solid backup and disaster recovery solutions, these Crypto-type malware infections can be crippling.

And that’s why this Bitcoin scheme is so devious. Since bitcoins are traded like a commodity, their value fluctuates daily; however the typical ransom is between $300 and $500. At that cost – if your business doesn’t have a great backup – paying the ransom is, unfortunately, often the best choice. No matter how distasteful it is to cough up $500 to get your business operational again, it’s going to cost much more to combat them (and you’ll probably lose because the time period in which they demand agreement to pay is only hours). Be aware that if you do decide to pay, obtaining bitcoins isn’t as simple as you might think … and this is where companies might absorb more significant costs.

Bitcoin accounts are called wallets. Obtaining a Bitcoin wallet, funding it, and making a transaction are usually done on online exchanges; though there are some Bitcoin ATM’s in metropolitan areas. It’s important to keep in mind that Bitcoin exchanges, ATMs and wallets are run by for-profit companies, often in international markets. Therefore, some degree of suspicion is warranted in dealing in Bitcoin, especially since a few notable exchanges have recently been robbed and/or shutdown without warning or any word as to what will happen to existing balances.

If you’re to pay a Crypto-type ransom, it’s worth noting that the process can take multiple days for each step, usually related to the required verification processes that make Bitcoin a reliable form of internet currency. So, although that $500 ransom may seem relatively easy to swallow; the real cost to business is often much larger after factoring in the extended downtime – anywhere from 1 to 14 days.

The bottom line is that it’s still best to avoid such situations by combining an in-depth multilayered approach to IT security, with a reliable backup and disaster recovery process that features frequent snapshots. If you’re unsure of how protected you are, a good first step is to get a qualified IT professional to conduct a security and backup review of your system.