British Companies Buy Bitcoins As Ransom Money

According to a cyber-security survey, 33% of UK companies are buying Bitcoin in anticipation of ransomware attacks. This comes after a Canadian university recently paid 20,000 Canadian dollars in Bitcoin for the encryption keys to their data.

Canadian university ransomware attack

More than 100 of the computers at the University of Calgary had been infected with the ransomware, causing email and other files to become encrypted. After their IT department spent countless hours trying to find a solution to the attack, it was resolved that they would pay the ransom money of CAD $20,000 (USD $15,780) in Bitcoin to the attackers.

Linda Dalgetty, the university’s vice President, said: “The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”

The university also reported that there was no indication that “any personal or other university data was released to the public”. However, local police were still informed, and are investigating.

Recent spate of ransomware payouts

The attack and subsequent payout by the University of Calgary comes after the Hollywood Presbyterian Medical Center was attacked in February, and paid USD $17,000 to restore system access, while the Melrose Police Department in Massachusetts paid USD $450 in the same month.

Speaking to the BBC, Dr Steven Murdoch from University College London, said of paying the ransom money: “It’s very tempting for organisations to pay out the ransom because that might be the only way they can get their data back, but that makes it worse for everyone else because it encourages more people to set up schemes like the one used in the Calgary case. It would be better if nobody ever paid, although that’s unrealistic to expect.”
He added: “What’s making matters worse is a new trend. The hackers are threatening to publicly publish information they found on your computers if you refuse to pay, which acts as a double incentive to comply.”

Also speaking to the BBC, Raj Samani, European technology head for Intel Security, said of the ransomware ‘epidemic’, “Ransomware and crypto malware are rising at an alarming rate and show no signs of stopping.” The BBC also reported that “other researchers reported seeing a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns.”

UK firms preparing ransom money

A recent cyber-security survey by remote access developer Citrix found that of the 250 companies of various sizes that were surveyed, 33% of the IT and cyber-security specialists representing them said they were buying Bitcoin in anticipation of ransomware attacks.

The survey found that; 36% of smaller businesses (250-500 employees), 57% of medium-size businesses (501-1000 employees), and 18% of larger firms (>2000 employees had cryptocurrency in storage, with larger firms saying they were willing to pay up to £50,000 (USD $71,675) in Bitcoin for encryption keys if the data contained important intellectual property or business-critical data.

Analysis by Finance Magnates verbalised what many in the cryptocurrency community are inevitably thinking:

“This poll’s results raise a few interesting questions such as: why not just open an account with an exchange, which would not cost anything until (or if) the money is really needed; why not invest the funds in improving security or just get an insurance plan against hackers instead of paying ransoms and encouraging future attacks; and, isn’t holding bitcoin just giving hackers another target to aim for if they have already gained access to your systems?”

New UK cryptocurrency laws

Perhaps the answer to the ransomware problem, at least in the eyes of the British lawmakers, is increased regulation. In a presentation to Members of the British Parliament, the Crown Prosecution Service (CPS), said virtual currencies are “increasingly a feature of serious and organised crime.”

The CPS is petitioning MPs to pass new laws to help them stop criminals and terrorists using Bitcoin, arguing that “these currencies allow criminals to operate and launder money without any legitimate oversight of their activity. A power for law enforcement to seize, hold and sell virtual currency is required if we are to keep abreast of changes in the manner sophisticated criminals operate.”

Keith Vaz, the chairman of the Commons Home Affairs Committee said of the proposal: “I welcome the recommendation by the CPS that new laws are needed to seize virtual currencies, which are increasingly used by organised criminals, as well as terrorist groups. Virtual currency transactions are far from transparent, and clearly better oversight is needed to prevent anonymous and sophisticated money laundering operations.”

Coin Telegraph

 

« Beware: Top Cyber Scams To Avoid This Summer
US National Cybersecurity Plan Costs $19b »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

Aurec

Aurec

Aurec provides specialist recruitment and contracting services including ICT professionals.

Cyber Defense Media Group (CDMG)

Cyber Defense Media Group (CDMG)

CDMG is the leading global media group for all things cyber defense.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

CERT Bulgaria (CERT.BG)

CERT Bulgaria (CERT.BG)

CERT Bulfaria is the National Computer Security Incidents Response Team for Bulgaria.

Namogoo

Namogoo

Namogoo’s disruptive technology identifies and blocks unauthorized product ads that are injected into customer web sessions by client-side Digital Malware.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

AnchorFree

AnchorFree

AnchorFree is a Virtual Private Network services provider offering secure encrypted access to the internet.

Cequence Security

Cequence Security

Cequence secures web, mobile, and API applications. We discover all apps, detect malicious bots, and stop attacks with an AI-integrated security platform.

Altipeak Security

Altipeak Security

Altipeak Security provide Safewalk - a flexible and robust authentication platform through which we offer improved security to SMBs, corporates, banks, insurance companies, healthcare and more.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

NextGen Cyber Talent

NextGen Cyber Talent

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry.

Contextal

Contextal

Contextal develops cutting-edge open-source cybersecurity solutions, designed to connect the dots and detect complex threats, which slip through the existing protections.