British Companies Buy Bitcoins As Ransom Money

According to a cyber-security survey, 33% of UK companies are buying Bitcoin in anticipation of ransomware attacks. This comes after a Canadian university recently paid 20,000 Canadian dollars in Bitcoin for the encryption keys to their data.

Canadian university ransomware attack

More than 100 of the computers at the University of Calgary had been infected with the ransomware, causing email and other files to become encrypted. After their IT department spent countless hours trying to find a solution to the attack, it was resolved that they would pay the ransom money of CAD $20,000 (USD $15,780) in Bitcoin to the attackers.

Linda Dalgetty, the university’s vice President, said: “The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”

The university also reported that there was no indication that “any personal or other university data was released to the public”. However, local police were still informed, and are investigating.

Recent spate of ransomware payouts

The attack and subsequent payout by the University of Calgary comes after the Hollywood Presbyterian Medical Center was attacked in February, and paid USD $17,000 to restore system access, while the Melrose Police Department in Massachusetts paid USD $450 in the same month.

Speaking to the BBC, Dr Steven Murdoch from University College London, said of paying the ransom money: “It’s very tempting for organisations to pay out the ransom because that might be the only way they can get their data back, but that makes it worse for everyone else because it encourages more people to set up schemes like the one used in the Calgary case. It would be better if nobody ever paid, although that’s unrealistic to expect.”
He added: “What’s making matters worse is a new trend. The hackers are threatening to publicly publish information they found on your computers if you refuse to pay, which acts as a double incentive to comply.”

Also speaking to the BBC, Raj Samani, European technology head for Intel Security, said of the ransomware ‘epidemic’, “Ransomware and crypto malware are rising at an alarming rate and show no signs of stopping.” The BBC also reported that “other researchers reported seeing a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns.”

UK firms preparing ransom money

A recent cyber-security survey by remote access developer Citrix found that of the 250 companies of various sizes that were surveyed, 33% of the IT and cyber-security specialists representing them said they were buying Bitcoin in anticipation of ransomware attacks.

The survey found that; 36% of smaller businesses (250-500 employees), 57% of medium-size businesses (501-1000 employees), and 18% of larger firms (>2000 employees had cryptocurrency in storage, with larger firms saying they were willing to pay up to £50,000 (USD $71,675) in Bitcoin for encryption keys if the data contained important intellectual property or business-critical data.

Analysis by Finance Magnates verbalised what many in the cryptocurrency community are inevitably thinking:

“This poll’s results raise a few interesting questions such as: why not just open an account with an exchange, which would not cost anything until (or if) the money is really needed; why not invest the funds in improving security or just get an insurance plan against hackers instead of paying ransoms and encouraging future attacks; and, isn’t holding bitcoin just giving hackers another target to aim for if they have already gained access to your systems?”

New UK cryptocurrency laws

Perhaps the answer to the ransomware problem, at least in the eyes of the British lawmakers, is increased regulation. In a presentation to Members of the British Parliament, the Crown Prosecution Service (CPS), said virtual currencies are “increasingly a feature of serious and organised crime.”

The CPS is petitioning MPs to pass new laws to help them stop criminals and terrorists using Bitcoin, arguing that “these currencies allow criminals to operate and launder money without any legitimate oversight of their activity. A power for law enforcement to seize, hold and sell virtual currency is required if we are to keep abreast of changes in the manner sophisticated criminals operate.”

Keith Vaz, the chairman of the Commons Home Affairs Committee said of the proposal: “I welcome the recommendation by the CPS that new laws are needed to seize virtual currencies, which are increasingly used by organised criminals, as well as terrorist groups. Virtual currency transactions are far from transparent, and clearly better oversight is needed to prevent anonymous and sophisticated money laundering operations.”

Coin Telegraph

 

« Beware: Top Cyber Scams To Avoid This Summer
US National Cybersecurity Plan Costs $19b »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

Cyber Security Cooperative Research Centre (CSCRC)

Cyber Security Cooperative Research Centre (CSCRC)

The CSCRC provides frank and fearless research and in-depth analysis of cyber security systems, the cyber ecosystem and cyber threats.

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

CryptoNext Security

CryptoNext Security

CryptoNext provides optimal end-to-end post-quantum cybersecurity remediation tools and solutions for IT/OT infrastructures & applications.

Avalon Cyber

Avalon Cyber

Arm your organization in the fight against cyberattacks by partnering with the experts at Avalon Cyber.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

Astran

Astran

At Astran, we revolutionize data security by introducing a groundbreaking solution for data confidentiality headaches.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.