READ TIME: 5 MIN

Ransomware + Cryptocurrency = Costly for Your Business

Ransomware + Cryptocurrency = Costly for Your Business

Bitcoin. Ethereum. Dogecoin. You’ve probably heard of at least one of these cryptocurrencies that are now all the rage.

The cryptocurrency craze has grown in the past few years, with prices jumping in 2017 and simply skyrocketing in 2020. Simultaneously, ransomware attacks increased: The number of cases reported to the FBI increased 66% last year.

These are not unrelated trends.

The Connection Between Cryptocurrency and Ransomware

Cryptocurrency has enabled cybercriminals to anonymously extort businesses through ransomware. In fact, Bitcoin represents 98% of ransomware payments.

Here’s why.

Criminals need not worry about transporting large amounts of stolen money or converting the cash into more easily transferable goods when cryptocurrency is to be had. Now, they can hack a company’s IT system (usually by tricking an unaware and unassuming employee), encrypt the data, and demand huge sums of “virtual” money in exchange for access to their stolen data.

Disguised with a random account number, the cybercriminals remain anonymous during the transaction, and then move it from one anonymous account to another so it is impossible to trace—at least until recently. After the DarkSide’s ransomware attack on the Colonial Pipeline in the U.S., the FBI traced its way through account after account, eventually recovering more than half of the $4.4 million paid ransom.

While this recovery is hopeful, companies must not rely on the expectation their ransom will be returned: The Colonial Pipeline attack was a high-profile event, which demanded extensive resources to recover only part of the ransom; this treatment may not be provided for every business. Besides, the identification and prosecution of cybercriminals is another thing entirely.

Cryptocurrency and ransomware attacks have been steadily rising in recent years, but with more users online more often on more devices due to remote work and education in 2020, the two flourished and the effects were devastating.

The Impacts of a Ransomware Attack

The average ransomware payment increased by 60% in the first half of 2020. In less than two years, the average ransomware payment went from $12,000 in Q4 2019 to $54,000 in Q1 2021. Before 2020, there was no ransom above $6 million, but every quarter since Q1 2020 has had at least one. In 2019, a total of $92 million in cryptocurrency was sent to ransomware attackers; in 2020, that total rose to $406 million.

It is not just financial damages that your business could face because of a ransomware attack.

A study showed that 65% of those hit with a ransomware attack suffered revenue loss, and 26% closed their businesses for a period of time. 53% had their brand and reputation damaged. 32% lost C-level executives, and 29% laid off employees.

And of course, the loss of or delayed access to critical data is costly, but is it worth paying the ransom?

To Pay or Not To Pay

As of October 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced it is now illegal to pay ransoms to cybercriminals, and yet, some entities still pay. 15% of ransomware payments (equating to about $50 million in cryptocurrency) were subject to sanctions liability.

A 2020 survey reported that 68% of U.S. companies had paid the ransom demanded in their ransomware attack, and 10% did not pay. 22% were not infected.

Top reason for not paying the ransom? 42% said paying does not necessarily guarantee a decryption key. In fact, another study showed that only 8% got all their data back and 29% got no more than half their data.

Meanwhile, those that did pay the ransom seemingly marked themselves as pliable victims. 80% of businesses that paid were hit with a second ransomware attack; 46% believed it came from the same cybercriminals responsible for the first attack.

Whether a company decides to pay or not to pay the ransom, their most important decision will be how they prepare for and prevent ransomware attacks.

Ways to Protect Your Business from a Ransomware Attack

In one survey, businesses listed cybersecurity defenses and disaster recovery solutions that are critical against ransomware attacks: 24% said data backup, 18% advised employee security awareness training, and 15% recommended endpoint security for devices.

Here are a few ways to protect your business against ransomware threat actors:

  1. Enable a multilayered cybersecurity plan.
    Be sure to include managed email security, DNS security, patching, and endpoint security in your strategy. Monitor your IT systems 24/7 and detect threats with Security Information and Event Management (SIEM) and log monitoring. Don’t forget the employee security awareness training!
  2. Establish a business continuity plan.
    Safeguard your company in the event of a crisis with a set of policies, procedures, and automated processes to guarantee business operations will continue without downtime.
  3. Backup data and develop a disaster recovery plan.
    Preserve your data with consistent backups and a disaster recovery service to quickly restore data in the event it is lost or encrypted so no cybercriminal can hold it ransom against your business.
  4. Create and test an incident response plan.
    Develop procedures for the possible occurrence of all cyberattacks, including ransomware. The response and remediation processes should be specially written for how to isolate the threat, contain the damage, and eradicate the breach.

Ransomware preparedness is complex, and 54% of businesses state that cyberattacks are too advanced for their IT team to handle without external assistance.

Jumpstart Your Cybersecurity and Cyber Resiliency

Take your cybersecurity and cyber resiliency seriously with NexusTek. As an SSAE 18 SOC II certified company, NexusTek protects, detects, and responds to cyber threats. NexusTek’s managed cybersecurity plans—Essential, Standard, and Advanced—safeguard your business’ highest risk asset: your employees and their data. Plans are customizable based on need and existing IT environment. Our disaster recovery services ensure your business is not beholden to ransomware attackers, and our business continuity planning guarantees your company never misses a beat.

Take your security seriously with NexusTek.