By Tom Simonite from MIT Technology Review
The rise of malware that holds data hostage has led companies to buy Bitcoin to use as ransom in case of an attack.
Digital currency Bitcoin is variously promoted as an alternative to gold, a good way to make international transfers, or the future of e-commerce. New research suggests that companies are now stockpiling Bitcoin for a different reason: so they can pay up quickly if their data is held ransom by malicious software.
Ransomware, as it is called, has locked up the data of huge numbers of individuals and businesses in recent years. Many of them, including police departments and hospitals, have opted to pay up to get their data back.
A small survey by corporate networking company Citrix indicates that some IT professionals are even stockpiling bitcoins so they can pay up quickly in the event ransomware strikes their network. Out of 250 IT and security workers at U.K. companies with more than 250 employees, a third said they were stockpiling the currency. A researcher at Cornell recently tweetedthat the university’s treasurer created an account with the Bitcoin exchange Coinbase so as to be ready if ransomware struck.
Almost half of respondents in the Citrix survey said that company data was not backed up at least daily. Security experts advise that backups are the best defense against ransomware and generally discourage paying off ransomware, since it encourages the industry.
Holding Bitcoin in reserve could help a company without backups get back online faster. Most companies have no reason to have a Bitcoin account otherwise. Having one ready to go could save precious time during which a company can’t operate as normal.
Just how many companies are setting aside ransom money in advance is probably hard to know because it’s something they may be loath to advertise. Acknowledging that you are ready to pay—and perhaps don’t have a good backup system—could attract the attacks this policy is designed to handle.