“Our goal is to make money, not create problems for society,” reads the statement excerpt from DarkSide, a cybercriminal group indirectly responsible for the recent ransomware attack on Colonial Pipeline, the operator of the largest gasoline pipeline in the U.S.
However, making money as an ultimate goal of attackers means that companies, organizations or individuals that get hit by a ransomware attack can potentially lose money.
And unfortunately, financial loss isn’t the only thing that could happen. Sometimes losing sensitive corporate data can hit much harder.
Here, we’ll dive into the most recent ransomware examples, go through what happens if ransomware attackers request payment in Bitcoin and discuss whether paying a ransom is the only option.
Ransomware Examples & What You Can Learn from Them
Colonial Pipeline got hit by a ransomware attack on May 7, 2021, when hackers stole nearly 100 gigabytes of data from its computer systems. Then, they locked up the access to the computers and demanded payment to unlock them.
Whether Colonial paid the ransom or not, wasn’t disclosed.
However, almost a week after the attack, Colonial had restored only minor parts of its system, but not the main lines. Thanks to the hackers, the consequences of having this pipeline down for one to three weeks could include price increases and fuel shortages, which many Americans are already experiencing.
This is only one of the most recent ransomware examples.
Within a few days, ransomware attacks hit:
- The police department in Washington, D.C., with a threat of releasing information about police informants to criminal groups
- The Illinois Attorney General’s office, which had been warned about weak cybersecurity practices within a previous state audit
- The San Diego-based hospital Scripps Health, where the office network got broken into and emergency patients had to be diverted to other hospitals
What can we learn from these examples?
Here are some key points to keep in mind:
- Neither public organizations nor private businesses are immune to ransomware attacks
- No one can predict who the next target will be or when the attack will occur
- Such an attack could cause a financial loss, as well as substantial data loss
Apart from financial consequences, ransomware can potentially have a highly negative impact on overall social and economic issues.
In most cases, the ransom amount isn’t publicly disclosed, but Bloomberg estimates that demands can range from several hundred dollars to millions of dollars in cryptocurrency.
Let’s look at using Bitcoin in particular, as one of the most popular cryptocurrencies for ransomware payments.
Ransomware & Bitcoin: A Brief Overview
Before we dive in, here is a brief overview of the current ransomware-related happenings.
What Is a Ransomware Attack?
A ransomware attack is a form of cyberextortion. By implementing malicious software that blocks access to a computer system, cybercriminals typically encrypt the existing data so a system owner cannot access it until they pay the ransom.
The victim of a ransomware attack pays for a unique decryption key, held by the attacker, that will allow the system owner to regain access to its data.
According to Coveware, a company helping ransomware victims respond to attacks:
- $220,298 was the average ransom payment in Q1 2021 (+43% from Q4 2020)
- $78,398 was the median ransom payment in Q1 2021 (+59% from Q4 2020)
Sometimes, a ransomware attack also includes threats of revealing sensitive personal or business data to the public if the victim doesn’t pay.
What is Ransomware-as-a-Service?
Believe it or not, several cybercriminal groups are “professionalizing” their activities by developing ransomware encryption solutions and offering them as a Ransomware-as-a-Service (RaaS) model.
DarkSide is one of these groups. They describe themselves as a Robin Hood, claiming they “don’t attack hospitals, nursing homes, educational or government targets, but they do donate a portion of their take to charity.”
However, their partners (i.e., groups that buy ransomware software from them) may not operate the same way.
So, in the abovementioned statement that DarkSide published on their (no longer existing) website on the dark web, the group also stated: “From today, we will check each company that our partners want to encrypt to avoid social consequences in the future.”
Coveware also reports that a new trend has emerged in the first quarter of 2021, referring to several RaaS groups focusing on developing ransomware software for Unix and Linux operating systems.
Another point that has been tied with ransomware attacks recently has been demanding payment in Bitcoins.
What Is Bitcoin?
Bitcoin is one of the most popular cryptocurrencies. It was developed in 2009 by a mysterious person (or a group of people) known as Satoshi Nakamoto.
The main difference between Bitcoin and traditional, government-issued currencies – apart from the fact that Bitcoin doesn’t exist physically, only virtually – lies in its “decentralized” nature.
All existing Bitcoins are maintained on a blockchain-based ledger hosted publicly across a system of computers. Any sales, trades or transfers of new Bitcoins are verified on this ledger first. It is a completely transparent system.
New Bitcoins are created by so-called mining. The way Satoshi Nakamoto envisioned it, new Bitcoins are going to be released until the number of tokens reaches 21 million.
The price of Bitcoin is highly volatile. For example, in a week between May 14, 2021, and May 20, 2021, the value of Bitcoin fell from over $50,000 to nearly $30,000 and then bounced up to over $38,000.
How to Pay Ransomware with Bitcoins
Typically, if you don’t own any Bitcoins, you have two options:
- To mine new ones
- To buy existing ones
If you haven’t bought or traded Bitcoin before, first you need to choose an online trading platform that allows the trade of cryptocurrencies. This can be, for example, Robinhood, Coinbase, BUX or any other eligible platform.
Here are some of the steps to follow:
- Create a profile by adding personal information
- Choose the type of account you want to open
- Answer questions about your financial history
- Fund your account by a wire transfer or any other way
- Put a “Buy” order for the number of Bitcoins you need
- After you buy, Bitcoins will be stored in your exchange account
Once you gain the needed number of Bitcoins, you can then follow the exact instructions that an attacker has given, assuming there are specific requirements they provide.
Is Paying Off Ransomware Hackers the Only Solution?
The short answer to this question is: No.
The longer version includes options.
Even though in such a disruptive moment paying off a hacker seems to be the only option, make sure to first explore every other possibility of recovering your data without making the payment.
Some of your other options may include:
- Engaging cybersecurity experts to help you restore your systems
- Recovering data safely with the help of a managed IT services provider
- Ensuring faster recovery by implementing a business continuity plan
For more information about reliable disaster recovery, read our article about business continuity and how to plan for the unexpected.
Also, before you pay the ransom, keep in mind that the U.S. Treasury Department recently warned organizations that make ransomware payments that they “may risk violating economic sanctions imposed by the government against cybercriminal groups or state-sponsored hackers.”
Can a Managed IT Services Provider Help with Ransomware Detection?
Another important question is: Can a ransomware attack be detected upfront or even prevented?
Unfortunately, the short answer is once again: No.
No one can predict or detect a ransomware attack before it happens, because the actual attack only happens when malicious software is opened and (automatically) downloaded to the system.
Also, no one can be 100% protected from this type of attack because no one (other than the criminals themselves) knows who the target is going to be.
However, there are ways to protect your company’s systems. And, yes, a managed IT services provider (MSP) can help you.
How can an MSP help protect your business from ransomware attacks?
By integrating proactive cybersecurity practices in your everyday work.
Typically, an MSP will help you:
- Get your systems in order before anything happens
- Identify vulnerabilities and weak points
- Fix issues on time to keep your data secure
- Maintain networks and implement regular system updates
- Monitor the dark web for any sensitive data leaked from your company
- Offer expert help to create an effective business continuity plan
- Guide you through the process of disaster recovery, if anything happens
- Help you get you back on your feet by implementing a contingency plan
Key Takeaways on How Cybersecurity Helps Protect Your Business Data and Avoid Ransomware Attackers
Knowing that ransomware attacks are becoming more frequent across the U.S., securing your IT networks and keeping systems and data proactively secure can make a huge difference.
Implementing cybersecurity best practices can help you:
- Secure systems, networks and connections
- Continuously test, scan and monitor systems
- Back up your data to offsite servers or cloud systems
- Create various disaster recovery strategies
- Ensure business continuity even if a disaster strikes
All in all, a managed IT services provider can help you create a plan, keep everything in order and go through a possible attack with minimal consequences.
Even though an MSP can’t protect you 100% from a ransomware attack (no one can), it may be an excellent solution for protecting your business data and, potentially, saving a lot of money that you might otherwise use as a ransom payment.