British Companies Buy Bitcoins As Ransom Money

Uploaded on 2016-06-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

According to a cyber-security survey, 33% of UK companies are buying Bitcoin in anticipation of ransomware attacks. This comes after a Canadian university recently paid 20,000 Canadian dollars in Bitcoin for the encryption keys to their data.

Canadian university ransomware attack

More than 100 of the computers at the University of Calgary had been infected with the ransomware, causing email and other files to become encrypted. After their IT department spent countless hours trying to find a solution to the attack, it was resolved that they would pay the ransom money of CAD $20,000 (USD $15,780) in Bitcoin to the attackers.

Linda Dalgetty, the university’s vice President, said: “The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”

The university also reported that there was no indication that “any personal or other university data was released to the public”. However, local police were still informed, and are investigating.

Recent spate of ransomware payouts

The attack and subsequent payout by the University of Calgary comes after the Hollywood Presbyterian Medical Center was attacked in February, and paid USD $17,000 to restore system access, while the Melrose Police Department in Massachusetts paid USD $450 in the same month.

Speaking to the BBC, Dr Steven Murdoch from University College London, said of paying the ransom money: “It’s very tempting for organisations to pay out the ransom because that might be the only way they can get their data back, but that makes it worse for everyone else because it encourages more people to set up schemes like the one used in the Calgary case. It would be better if nobody ever paid, although that’s unrealistic to expect.”
He added: “What’s making matters worse is a new trend. The hackers are threatening to publicly publish information they found on your computers if you refuse to pay, which acts as a double incentive to comply.”

Also speaking to the BBC, Raj Samani, European technology head for Intel Security, said of the ransomware ‘epidemic’, “Ransomware and crypto malware are rising at an alarming rate and show no signs of stopping.” The BBC also reported that “other researchers reported seeing a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns.”

UK firms preparing ransom money

A recent cyber-security survey by remote access developer Citrix found that of the 250 companies of various sizes that were surveyed, 33% of the IT and cyber-security specialists representing them said they were buying Bitcoin in anticipation of ransomware attacks.

The survey found that; 36% of smaller businesses (250-500 employees), 57% of medium-size businesses (501-1000 employees), and 18% of larger firms (>2000 employees had cryptocurrency in storage, with larger firms saying they were willing to pay up to £50,000 (USD $71,675) in Bitcoin for encryption keys if the data contained important intellectual property or business-critical data.

Analysis by Finance Magnates verbalised what many in the cryptocurrency community are inevitably thinking:

“This poll’s results raise a few interesting questions such as: why not just open an account with an exchange, which would not cost anything until (or if) the money is really needed; why not invest the funds in improving security or just get an insurance plan against hackers instead of paying ransoms and encouraging future attacks; and, isn’t holding bitcoin just giving hackers another target to aim for if they have already gained access to your systems?”

New UK cryptocurrency laws

Perhaps the answer to the ransomware problem, at least in the eyes of the British lawmakers, is increased regulation. In a presentation to Members of the British Parliament, the Crown Prosecution Service (CPS), said virtual currencies are “increasingly a feature of serious and organised crime.”

The CPS is petitioning MPs to pass new laws to help them stop criminals and terrorists using Bitcoin, arguing that “these currencies allow criminals to operate and launder money without any legitimate oversight of their activity. A power for law enforcement to seize, hold and sell virtual currency is required if we are to keep abreast of changes in the manner sophisticated criminals operate.”

Keith Vaz, the chairman of the Commons Home Affairs Committee said of the proposal: “I welcome the recommendation by the CPS that new laws are needed to seize virtual currencies, which are increasingly used by organised criminals, as well as terrorist groups. Virtual currency transactions are far from transparent, and clearly better oversight is needed to prevent anonymous and sophisticated money laundering operations.”

Coin Telegraph

 

« Beware: Top Cyber Scams To Avoid This Summer
US National Cybersecurity Plan Costs $19b »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North American Electric Reliability Corporation (NERC)

North American Electric Reliability Corporation (NERC)

NERC is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

Department of Justice - Office of Cybercrime (DOJ-OOC)

Department of Justice - Office of Cybercrime (DOJ-OOC)

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

Symantec

Symantec

Symantec delivers data-centric hybrid security for the largest, most complex organizations in the world – on devices, in private data centers, and in the cloud.

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators helping startups scale internationally.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

Advantio

Advantio

Advantio offers a unique combination of technologies and managed, advisory and testing services to increase your cyber resilience and compliance.

Akto

Akto

Akto, the plug & play API security platform. Discover your APIs, run tests and find business logic vulnerabilities at ludicrous speed.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

APIsentry

APIsentry

APIsentry is a leading provider of comprehensive API security solutions, specializing in protecting organizations from a wide range of cyber threats targeting their Application Programming Interfaces.

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.