British Companies Buy Bitcoins As Ransom Money

Uploaded on 2016-06-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

According to a cyber-security survey, 33% of UK companies are buying Bitcoin in anticipation of ransomware attacks. This comes after a Canadian university recently paid 20,000 Canadian dollars in Bitcoin for the encryption keys to their data.

Canadian university ransomware attack

More than 100 of the computers at the University of Calgary had been infected with the ransomware, causing email and other files to become encrypted. After their IT department spent countless hours trying to find a solution to the attack, it was resolved that they would pay the ransom money of CAD $20,000 (USD $15,780) in Bitcoin to the attackers.

Linda Dalgetty, the university’s vice President, said: “The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”

The university also reported that there was no indication that “any personal or other university data was released to the public”. However, local police were still informed, and are investigating.

Recent spate of ransomware payouts

The attack and subsequent payout by the University of Calgary comes after the Hollywood Presbyterian Medical Center was attacked in February, and paid USD $17,000 to restore system access, while the Melrose Police Department in Massachusetts paid USD $450 in the same month.

Speaking to the BBC, Dr Steven Murdoch from University College London, said of paying the ransom money: “It’s very tempting for organisations to pay out the ransom because that might be the only way they can get their data back, but that makes it worse for everyone else because it encourages more people to set up schemes like the one used in the Calgary case. It would be better if nobody ever paid, although that’s unrealistic to expect.”
He added: “What’s making matters worse is a new trend. The hackers are threatening to publicly publish information they found on your computers if you refuse to pay, which acts as a double incentive to comply.”

Also speaking to the BBC, Raj Samani, European technology head for Intel Security, said of the ransomware ‘epidemic’, “Ransomware and crypto malware are rising at an alarming rate and show no signs of stopping.” The BBC also reported that “other researchers reported seeing a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns.”

UK firms preparing ransom money

A recent cyber-security survey by remote access developer Citrix found that of the 250 companies of various sizes that were surveyed, 33% of the IT and cyber-security specialists representing them said they were buying Bitcoin in anticipation of ransomware attacks.

The survey found that; 36% of smaller businesses (250-500 employees), 57% of medium-size businesses (501-1000 employees), and 18% of larger firms (>2000 employees had cryptocurrency in storage, with larger firms saying they were willing to pay up to £50,000 (USD $71,675) in Bitcoin for encryption keys if the data contained important intellectual property or business-critical data.

Analysis by Finance Magnates verbalised what many in the cryptocurrency community are inevitably thinking:

“This poll’s results raise a few interesting questions such as: why not just open an account with an exchange, which would not cost anything until (or if) the money is really needed; why not invest the funds in improving security or just get an insurance plan against hackers instead of paying ransoms and encouraging future attacks; and, isn’t holding bitcoin just giving hackers another target to aim for if they have already gained access to your systems?”

New UK cryptocurrency laws

Perhaps the answer to the ransomware problem, at least in the eyes of the British lawmakers, is increased regulation. In a presentation to Members of the British Parliament, the Crown Prosecution Service (CPS), said virtual currencies are “increasingly a feature of serious and organised crime.”

The CPS is petitioning MPs to pass new laws to help them stop criminals and terrorists using Bitcoin, arguing that “these currencies allow criminals to operate and launder money without any legitimate oversight of their activity. A power for law enforcement to seize, hold and sell virtual currency is required if we are to keep abreast of changes in the manner sophisticated criminals operate.”

Keith Vaz, the chairman of the Commons Home Affairs Committee said of the proposal: “I welcome the recommendation by the CPS that new laws are needed to seize virtual currencies, which are increasingly used by organised criminals, as well as terrorist groups. Virtual currency transactions are far from transparent, and clearly better oversight is needed to prevent anonymous and sophisticated money laundering operations.”

Coin Telegraph

 

« Beware: Top Cyber Scams To Avoid This Summer
US National Cybersecurity Plan Costs $19b »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber, Space, & Intelligence Association (CSIA)

Cyber, Space, & Intelligence Association (CSIA)

CSIA focuses on issues critical to Cyber Security, Military Space and Intelligence.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

Circadence

Circadence

Circadence offer the only fully immersive, AI-powered, patent-pending, proprietary cybersecurity training platform in the market today.

Ziroh Labs

Ziroh Labs

Ziroh Labs leverages advanced cryptography to keep your highly sensitive, private data safe throughout the lifecycle of data.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

River Loop Security

River Loop Security

River Loop Security specialize in solving complex cybersecurity challenges in the IoT and embedded devices space.

SubRosa Cyber Solutions

SubRosa Cyber Solutions

SubRosa Cyber Solutions solves its clients’ most tenacious information security, risk and compliance challenges through a multitude of information technology services and expertise.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.

Drumz

Drumz

Drumz plc is an investment company whose investing policy is to invest principally but not exclusively in the technology sector within Europe.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.