According to research firm Cybersecurity Ventures, a business will fall victim to a ransomware attack every 11 seconds this year. Some of them, like Colonial Pipeline, have admitted that they don’t have a plan for when it happens.
Some companies have never even traded bitcoin, which is the currency of choice for almost all ransom payments.
“Many of these companies, especially if they have not prepared themselves for the extortion attempt, have no idea what to do,” said Rick Holland, director of information security at Digital Shadows, a cyber threat intelligence service.
“Insurance companies sometimes give them advice on how to pay and recommend companies to work with,” Holland said. “The ransomware will give instructions on how to set up bitcoin wallets and where to get bitcoins.”
There are also companies that step in at the last minute to handle the logistics. One example is DigitalMint, a full-service, last-mile cryptocurrency broker.
“We’re at the end,” said Mark Grens, co-founder and president of DigitalMint.
“We are the professionals hired after the forensic consultants, the company and the stakeholders have all decided that they have exhausted their options and that paying the ransom is economically the best way to move forward. That’s when they come to companies like us to help them acquire cryptocurrency at any time of the day or night,” Grens told CNBC.
Within 30-60 minutes of the first contact, DigitalMint can pay a ransom on the victim’s behalf. This includes vetting the attacker to make sure they are not tied to a US-sanctioned country, then going to the open market, order books and exchanges to acquire the cryptocurrency needed to pay the ransom.
The company says that 90-95% of ransom payments are made in bitcoin, but monero is becoming an increasingly popular option. Monero is viewed more as a privacy coin: it gives cybercriminals more freedom from the tracking tools and mechanisms that the public bitcoin blockchain makes possible.
As of January 2020, DigitalMint claims to have facilitated over $100 million in ransomware settlements, with an average payout of $800,000.
Total ransomware payments more than quadrupled last year from $350 million in 2019, according to Chainalysis, but DigitalMint told CNBC that this figure is likely an underestimate. Grens believes the real figure is close to $1 billion.
In April, a task force that included, among others, Amazon Web Services, Microsoft, the FBI and the Secret Service, provided the White House with guidance on how to deal with the ransomware threat. A group of more than 60 people was divided on the issue of prohibiting payments to cybercriminals.
Part of the problem is that attackers are increasingly savvy about how much ransom to demand.
“If they ask too much, the forensics team examines their feasibility study and says, ‘Well, this is too much. Let’s just rebuild our systems, take the risk and not pay for it,’” said Grens.
At some point, it becomes cheaper to pay the ransom than to absorb the cost of the disruption.