Don't pay ransoms. But if you must, here's where to buy the Bitcoins

Maria Korolov | April 5, 2017
If you're hit by ransomware and you have to pay the ransom -- what do you do?

"In some enterprises, if they get hit by ransomware and want to buy Bitcoin, it can take a while to go through procurement," he said. "In some organizations, that can take days, maybe even more."

The currency exchanges will normally have a wallet to keep Bitcoins in.

Coinbase, for example, allows customers to set up multiple wallets for their Bitcoins, and also offers a Bitcoin "vault" with extra security measures including the option to require approval from multiple users for each transaction.

"So if someone hijacks one of your email addresses, they won't be able to get the money out that way," said BT America's Karagiannis.

"If it's a small modest amount you want to keep on hand for quick transactions, Coinbase is good for that," he added.

There are also other Bitcoin wallet alternatives out there, including ones that a company can keep on its own premises -- though if the wallet itself gets caught up in the ransomware attack, that could cause problems.

 

How much should you buy?

According to Barak, ransom sizes vary based on the size of the victim. Individual consumers are typically hit for 1 or 2 Bitcoin, which is approximately $1,000 or $2,000.

Small to midsized companies see typical ransom demands of between 2 and 20 Bitcoin, said Barak.

"A large enterprise can see higher demands," he added. "The largest we've seen was about $150,000, which was about 150 Bitcoin. But we are seeing a trend for an increase in the ransom demands, especially as it relates to larger enterprises and in ransomware that creates a bit more damage."

Most experts recommend not paying the ransoms.

"The fact that ransomware attacks keep growing and are so prevalent is because there are people paying," said Luis Corrons, PandaLabs technical director at Panda Security. "If all victims stopped paying, ransomware attacks would disappear in a matter of days."

But that isn't always practical, said Barak. Say, for example, the ransomware propagates through a large number of machines and attacks not only the data but also the operating systems.

"Option number one is that you reinstall all those machines," he said. "That could take you days. Or you could pay the ransom and recover your business operations in an hour or so."

But in some circumstances, you should never pay a ransom at all. Say, for example, an attacker threatens to release your corporate data.

"Even if the attacker proves that they have the data, shows some of it to you, you can never control where the data will go once they have it," he said. There's no guarantee that the criminal will erase all the data, as they promised.

 
