A business will fall victim to a ransomware attack every 11 seconds this year, according to research firm Cybersecurity Ventures. Some of them, like Colonial Pipeline, have admitted they don’t have a plan for when that happens.
“A lot of these companies, especially if they haven’t prepared for an extortion attempt, have no clue what they need to do,” said Rick Holland, chief information security officer at Digital Shadows, a cyberthreat intelligence company.
“Insurance companies will sometimes give them guidance on how to pay and recommend firms to work with on it,” Holland said. “The extortionists will give instructions on how to set up bitcoin wallets and where to go to procure bitcoin.”
There are also companies that swoop in at the last minute to handle the logistics. One example is DigitalMint, a full-service, final-mile crypto broker.
“We’re at the end of the process,” said Marc Grens, co-founder and president of DigitalMint.
“We’re the hired specialists, after the forensic consultants, the company, and stakeholders have all made the determination they’ve exhausted all their options and that paying the ransom from an economics perspective is the best way to move forward. That’s when they come to companies like us in order to help them acquire crypto at any time of day or night,” Grens told CNBC.
In the space of 30 to 60 minutes from initial contact, DigitalMint is able to make the ransom payment for the victim. This includes vetting the hacker to make sure they aren’t tied to a U.S.-sanctioned country and going on the open market, order books and exchanges to acquire the cryptocurrency needed to pay the ransom.
The company says that 90% to 95% of ransoms are paid in bitcoin, but monero is an increasingly popular option. Monero is considered a privacy coin: it gives cybercriminals greater freedom from some of the tracking tools and mechanisms that the bitcoin blockchain makes possible.
Since January 2020, DigitalMint says it has facilitated more than $100 million in ransomware settlements with a median payment of $800,000.
Last year, crypto ransomware payments overall more than quadrupled from 2019 levels to $350 million, according to Chainalysis, but DigitalMint told CNBC that figure is likely understated. Grens believes the true number is closer to $1 billion.
In April, a task force including Amazon Web Services, Microsoft, the FBI and the Secret Service, among others, delivered recommendations to the White House on how to fight the ransomware threat. On the question of whether to ban payments to attackers, the group of more than 60 members was split.
Part of the problem is that the threat actors are getting savvier at pricing their ransom demands.
“If they ask for too much, forensics goes through their feasibility studies and says, ‘Well, that’s too much. Let’s just rebuild our systems, take a risk, and not pay for it,’” Grens said.
At a certain point, paying the ransom becomes more economically viable than continuing to hemorrhage cash from paralyzed operations.