Information reported by the highly reputable The Telegraph in an article published on December 16, 2017: according to Paul Taylor, former head of cyber defense at the Ministry of Defense, some companies are quietly buying Bitcoins. Their goal: to have the means to immediately pay any ransom demanded following a ransomware attack.
Cybercrime is becoming increasingly profitable
This phenomenon is occurring against a backdrop of accelerating ransomware risks in 2017. Experts say that we are only at the beginning of increasingly numerous and sophisticated attacks.
A study by Carbonblack also indicates that ransoms paid by companies are increasing at a staggering rate: $24 million in 2015, $850 million in 2016, and $5 billion in 2017!
This is enough to inspire vocations among both "isolated lone pirates" and the most well-oiled criminal organizations.
Avant De Cliquer is a member of the CPME, a confederation of small and medium-sized enterprises across all sectors, including industry, services, commerce, crafts, and the liberal professions, and a member of MEDEF, France's leading network of entrepreneurs.
Buying Bitcoins: a guarantee just in case...
Furthermore, these purchases are profitable due to fluctuations in Bitcoin, which rose from €500 to over €13,000 in just a few months.
Citrix asked 500 organizations with more than 250 employees whether they had implemented a preventive policy for purchasing Bitcoins. The result is surprising: they report storing an average of 23 Bitcoins...
This is inexpensive "insurance" considering the losses incurred by some organizations that were ill-prepared for ransomware attacks.
For example, Reckitt Benckiser, better known for its Nurofen and Durex brands. The company reportedly suffered a loss of £100 million as a result of problems caused by the Petya ransomware in June 2017.
Organizations tend to discreetly pay the ransom demanded of them.
It must be noted that organizations prefer to discreetly pay the ransom demanded. This means not following the authorities' guidelines. And yet, the authorities consistently recommend not paying.
Some victim organizations never file complaints for fear of causing panic among their customers and/or suppliers.
This type of concealment has been impossible since June 2018. The implementation of the GDPR ( General Data Protection Regulation) requires companies that are victims of data breaches to disclose them, or risk a huge fine.
