This year, businesses will fall victim to a ransomware attack every 11 seconds, according to research firm Cybersecurity Ventures. Some of them, like the Colonial Pipeline, admitted that they don’t have a plan for when this will happen.
Some companies have never even dealt with Bitcoin, which is the currency of choice for almost all ransom payments.
“Many of these companies, especially if they haven’t prepared for the extortion attempt, have no idea what they need to do,” said Rick Holland, chief information security officer for Digital Shadows, a cyber threat intelligence company.
“Insurance companies sometimes give them advice on how to pay and encourage firms to work with it,” Holland continued. “The ransomware will give instructions on how to set up bitcoin wallets and where to go to mine bitcoins.”
There are also companies that resort to logistics at the last minute. One example is DigitalMint, a full-service, last-mile cryptocurrency broker.
“We’re at the end,” explained Mark Grens, co-founder and president of DigitalMint.
“We are hired specialists after forensic consultants, the company and stakeholders decided that we had exhausted all our options and that paying the ransom from an economic point of view is the best way to move forward. That’s when they come to companies like us to help them acquire cryptocurrency at any time of the day or night, ”Grens told CNBC.
Within 30-60 minutes of the first contact, DigitalMint may pay a ransom for the victim. This includes vetting the hacker to make sure he is not tied to a US-sanctioned country and entering the open market, order books, and exchanges to acquire the cryptocurrency needed to pay the ransom.
The company says 90 to 95% of the buyback is paid in bitcoin, but monero is becoming an increasingly popular option. Monero is considered more of a privacy token and gives cybercriminals greater freedom from some of the tools and tracking mechanisms that the bitcoin blockchain provides.
Since January 2020, DigitalMint says it has facilitated over $ 100 million in ransomware settlements, with an average payment of $ 800,000.
Total ransomware payments more than quadrupled last year from 2019 levels to $ 350 million, according to Chainalysism, but DigitalMint told CNBC that this figure is likely an understatement. Grens believes the true figure is close to $ 1 billion.
In April, a task force that includes Amazon Web Services, Microsoft, the FBI, and the Secret Service, among others, provided the White House with guidance on how to deal with the ransomware threat. A group of more than 60 people was divided on the issue of banning payments to cybercriminals.
Part of the problem is that attackers are becoming more intelligent about their ransom demands.
“If they ask too much, the forensic science examines their feasibility studies and says, ‘Well, this is too much. Let’s just rebuild our systems, take the risk and not pay for it, ”said Grens.
At some point, it is economically more profitable to simply pay the ransom rather than spend money due to paralyzed operations.