Coveware Cybersecurity Firm Helps Pay Bitcoin Ransoms for its Clientele
The creation and continued adoption of cryptocurrencies all over the world is cause for joy. Across the board, the development of important new features have led to the application of blockchain technologies to more new industries than many ever thought to be possible. While the bearish crypto winter of 2018 has led to a deep-seeded sense of pessimism for many, it is important to also remember all the things for which the growing cryptocurrency community ought to be very thankful for—and this list continues to grow.
But along with the strides in technology being made, some problems still persist. Chief among these continued issues within the cryptocurrency markets and the blockchain sector is the issue of cybercrime. The very beginning days of Bitcoin, the first major cryptocurrency won negative attention from three-letter organizations all over the world for its role in the creation and use of illicit marketplaces used to sell drugs, weapons, and even stolen identities. And moving into 2018, financial crime on the blockchain is an issue that continues to guarantee clearly negative press for the entire industry.
Ransomware is one of the oldest tricks in the book when it comes to scamming people out of money. And when creators of ransomware technology use the blockchain and crypto technology to carry out their nefarious operation, it becomes even easier for criminals to steal from businesses that simply might not know better. Consequently, the ransomware underground continues to grow in 2018, aided by the anonymous nature of cryptocurrency.
The Mantra of “Never Pay”
For years, the cybersecurity community has urged victims of ransomware to refuse to pay the ransom. Employing similar logic that countries like the United States use when dealing with terrorist calls for ransom, these experts argue that paying the ransom both legitimizes and motivates further attacks and keeps business owners from seeking often-simple solutions to the pressing security problem.
But one company has sprung up in an attempt to help smaller organizations deal with cyber-crime, and they are trying to change the way that the community views ransomware attacks. Coveware CEO Bill Siegel stated in an interview with Forbes that the old method of “never paying” is extremely outdated, and that the victims of ransomware need to respond to what he calls the “reality” of a ransomware attack on their network.
In order to appropriately respond to a ransomware-based attack, this company argues that companies need to make an extremely difficult choice. On one hand, they could pay what often amounts to a few hundred or a few thousand dollars and likely regain access to their servers and information. But if they fail to pay the ransom, it can often be nearly impossible to get that information back, which can cost upwards of tens of thousands of dollars.
A Complicated Decryption Process
Coveware has been tremendously successful at unlocking companies from the throes of a ransomware attack. Although security professionals might disagree with their methods, the company boasts a 100% success rate with unlocking the company’s server following successful negotiations with the individuals conducting the ransomware attack.
But the rate at which all data is successfully decrypted and recovered is actually slightly lower, averaging out to around 90%. But according to the company’s CEO, this amount is still far higher than the percentage of successful negotiations that happen when a company refuses to pay any kind of ransom to unlock their site and data.
Even after negotiations are successful, this security expert outlined that recovering data can be a lengthy and tricky process. Decryption tools are notoriously “flukey,” and not all data that was stolen and encrypted is always successfully returned to its original owner unscathed.
An “Odd Dynamic”
One of the more interesting parts of the interview happened when the interviewee responded to the issue of occasionally having to return to the hackers after the ransom is paid to ask follow-up questions regarding how to best decrypt the data using the tools that they have—and the ones given to them by the attacker.
For the most part, he has founds that the attackers actually try to help the best they can during this complicated process. The CEO stated that the attackers are “running a business,” and that they realize that a failing decryption system will dissuade future system admins from paying the ransom. On both sides of the equation, he finds that case studies and statistics can be used to help smooth out the process when responding to future issues.
To Pay or not to Pay?
According to Siegel, the negotiation process is fluid and can vary based on the company being attacked, the nature of the ransomware being used, as well as the advantages that the IT department already has when responding to the issues. On some occasions, he even says that Coveware has advised companies to refrain from paying the ransom, at least until they can formulate a better strategy by which to respond.
Coveware is changing the way companies view ransomware. It may very well be the case that the days of “never pay” are gone, replaced instead by a fluid system of negotiation and business dealings in the rapidly changing world of cybersecurity.