According to research firm Cybersecurity Ventures, a company will be the victim of a ransomware attack every 11 seconds this year. Some of them, like Colonial Pipeline, have admitted that they have no plan for when this will happen.
Several companies have never traded Bitcoin, the currency of choice for virtually all ransom payments.
“A lot of these companies have no idea what to do, especially if they haven’t prepared for blackmail,” said Rick Holland, chief information security officer at Digital Shadows, a cyber threat company.
“Insurance companies sometimes give them payment instructions and recommend companies for them to work with,” said Holland. “The blackmailers will be giving instructions on how to set up Bitcoin wallets and where to get Bitcoin.”
There are also companies that step in at the last minute to handle the logistics. One example is DigitalMint, a full-service last mile crypto broker.
“We’re at the end of the process,” said Marc Grens, Co-Founder and President of DigitalMint.
“We are the hired specialists after the forensic consultants, the company and the stakeholders all believe they have exhausted their options and that paying the ransom is economically the best way to move forward. Companies like us come to help them purchase crypto any time of the day or night,” Grens told CNBC.
Within 30 to 60 minutes of initial contact, DigitalMint can make the ransom payment for the victim. This includes screening the hacker to make sure they aren’t tied to a U.S.-sanctioned country, then going to the open market, order books and exchanges to source the cryptocurrency required to pay the ransom.
The company says 90% to 95% of ransom money is paid in Bitcoin, but Monero is growing in popularity. Monero is considered a privacy token, and it gives cyber criminals more freedom from some of the tracking tools and mechanisms that the Bitcoin blockchain brings with it.
As of January 2020, DigitalMint has reportedly facilitated more than $100 million in ransomware payments, with an average payment of $800,000.
Chainalysis said crypto ransomware payments more than quadrupled from 2019 to $350 million last year, but DigitalMint told CNBC that this number is likely an underestimate. Grens believes the real number is closer to $1 billion.
In April, a task force including Amazon Web Services, Microsoft, the FBI and the Secret Service submitted recommendations to the White House on how to combat the ransomware threat. When asked whether payments to attackers should be banned, the group of more than 60 members was divided.
Part of the problem is that threat actors are becoming more adept at pricing their ransom demands.
“When they ask too much, forensics goes through their feasibility studies and says, ‘Well, that’s too much. Let’s just rebuild our systems, take a risk and not pay for it,’” Grens said.
At some point, it makes more economic sense to just pay the ransom instead of bleeding cash from paralyzed operations.