Companies keeping Bitcoin on hand in case of ransomware attacks

Sometimes its the only option when you haven’t made backups a priority…

David Bisson
@DMBisson

Companies are stockpiling Bitcoin just in case they suffer a ransomware attack and need to quickly regain access to their data.

In 2016, Citrix found that a third of British companies maintained contingency reserves of Bitcoin. More than half (57 percent) of companies with between 501 and 1,000 employees said they kept this digital currency on hand.

By comparison, only 36 percent of organizations with between 250 and 500 employees and less than a fifth (18 percent) of companies with over 2,000 employees said they stored Bitcoin.

Sign up to our newsletter
Security news, advice, and tips.

Emergency caches such as these do ensure organizations can “regain access to important intellectual property or business critical data” in the event they suffer an extortion-based attack like ransomware. After all, most ransomware infections go hand in hand. Bob Wice of Beazley Group elaborated on this point for NBC News:

“Part of the everyday ransomware demand is Bitcoin, because it’s easy to get and it’s the currency of choice for the criminal underground.”

Companies got to witness computer criminals’ preference for Bitcoins firsthand on 12 May when an updated version of WannaCry ransomware swept the United Kingdom’s National Health Service (NHS), Telefonica, and other organizations using an exploit for a Windows vulnerability. (The NSA developed the attack, code which the Shadow Brokers hacker group eventually obtained and leaked online.)

By 15 May, the ransomware had swept across 150 countries and claimed more than 200,000 victims. Every affected machine displayed the same demands: $300 in Bitcoin.

WannaCry ransom note.

It makes sense that organizations would want to be prepared for ransomware attacks. Dr. Simon Moores, Britain’s former technology ambassador and chairman of the annual international e-Crime Congress, clarified this perspective:

“I’ve often heard expressed that intelligence agencies and law enforcement act on a reactive basis. Once it’s into your system, there’s not much they can do about it…. It’s all well and good to catch up to the actors and prosecute them, but that doesn’t help you if you happen to be a financial institution or a business and data is mission critical.”

True. But businesses realize there are risks other than ransomware that threaten their “mission critical” data, right? One of their production servers could crash, or a fire could damage their data center. How could companies recover if a non-ransomware incident affected their data?

The answer isn’t obvious. Citrix observed in 2016 that a third of UK companies didn’t back up their data. This is a HUGE missed opportunity. With data backups, not only do organizations have hope of restoring their data if an asset goes down or if they experience a physical disaster. They can also recover from a ransomware incident without paying the ransom.

If your company doesn’t back up its mission critical data, you begin doing so ASAP. Here is a great place to start.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “Companies keeping Bitcoin on hand in case of ransomware attacks”

  1. But businesses realize there are risks other than ransomware that threaten their "mission critical" data, right? One of their production servers could crash, or a fire could damage their data center. How could companies recover if a non-ransomware incident affected their data?

    DR / BCP.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.