This year, a company is the victim of a ransomware attack every 11 seconds. according to the research company Cybersecurity Ventures. Some of them, like Colonial Pipeline, have admitted that they have no plan when this will happen.
“A lot of these companies have no idea what to do, especially if they haven’t prepared to blackmail,” said Rick Holland, chief information security officer at Digital Shadows, a cyber threat company.
“Insurance companies sometimes give them instructions on how to pay and recommend companies to work with them,” continued Holland. “The blackmailers will be giving instructions on how to set up Bitcoin wallets and where to get Bitcoin.”
There are also companies that step in at the last minute to handle the logistics. One example is DigitalMint, a full-service last mile crypto broker.
“We’re at the end of the process,” said Marc Grens, co-founder and president of DigitalMint.
“We are the hired specialists after the forensic consultants, the company, and the stakeholders all believe that they have all exhausted their options and that paying the ransom is, economically, the best way to get ahead at companies like come to us to help them acquire crypto any time of the day or night, “Grens told CNBC.
Within 30 to 60 minutes of initial contact, DigitalMint can make the ransom payment for the victim. This includes checking the hacker to make sure it is not tied to a U.S. sanctioned country and going to the open market, order books, and exchanges to acquire the cryptocurrency needed to pay the ransom .
The company says 90 to 95% of ransom money is paid in Bitcoin, but Monero is growing in popularity. Rather than being considered a privacy token, Monero allows cyber criminals more freedom from some of the tracking tools and mechanisms that the Bitcoin blockchain brings with it.
Since January 2020, DigitalMint has reportedly enabled ransomware deals worth over $ 100 million with an average payment of $ 800,000.
In the past year, payments for crypto ransomware more than quadrupled overall from 2019 $ 350 million, according to Chainalysism, but DigitalMint told CNBC that that number is likely an understatement. Grens believes the real number is closer to $ 1 billion.
In April a task force, which includes Amazon Web Services, Microsoft, the FBI and the Secret Service, recommendations provided to the White House to tackle the ransomware threat. When asked whether payments to attackers should be banned, the group of more than 60 members was divided.
Part of the problem is that threat actors are becoming more adept at pricing their ransom demands.
“When they ask too much, forensics goes through their feasibility studies and says, ‘Well, that’s too much. Let’s just rebuild our systems, take a risk and not pay for it, ‘”Grens said.
At some point, it makes more economic sense to just pay the ransom instead of bleeding cash from paralyzed operations.