British companies 'stockpile' Bitcoin to use as ransomware hush money

Bitcoin
Companies fearful of a cyber attack are instructing workers to open digital wallets to pay criminals Credit: Bloomberg

Businesses are hoarding Bitcoin to pay off hackers in the event of a WannaCry-style cyber-attack.

Company executives are terrified of a spike in similar attacks to the ransomware that crippled parts of the NHS earlier this year. Admitting to a customer data breach can leave a company's reputation in tatters. 

“Companies are definitely stockpiling Bitcoin in order to be prepared to pay ransoms,” Paul Taylor, former Ministry of Defence cyber chief and KPMG partner told The Sunday Telegraph.

Ransomware is so prevalent that employees are being ordered to prepare digital wallets and monitor cryptocurrency prices – which have been soaring in recent weeks – to hedge against inflation should they need to buy, to keep a hack under wraps, Mr Taylor added.

Steve Chabinsky, former FBI adviser and partner at law firm, White & Case, said he is is aware of "companies that create Bitcoin accounts in order to be prepared”.

WannaCry
Thousands of WannaCry victims were met with this screen when it spread worldwide in May Credit: EPA

There is growing concern that it is cheaper and easier to pay a ransom than it is to report a breach to the police and the Information Commissioner’s Office.

“It’s not something that organisations have publicly confirmed, because it says ‘we are willing to pay criminals in the event we are hit by ransomware’,” said McAfee’s chief scientist Raj Samani.

“However, it is certainly a practice we are aware is being done.”

Chris Mayers, chief security architect at Citrix, thinks that the soaring value of Bitcoin spells trouble. Its value has soared above $17,000 (£12,750).

“Businesses that have a stockpile of Bitcoin in anticipation of a ransomware demand may now be tempted to cash in, given the surge in value,” he said.

“This could raise the risk to businesses, given the continued growth in ransomware attacks, and a possible future rise in Bitcoin prices.

“Equally, those that do have large stockpiles may be at risk of being raided specifically for Bitcoin piles.”

Businesses fall victim to malware in two ways. In some cases, a hugely profitable company is targeted by a criminal gang, who conduct campaigns to get into their systems.

This includes sending employees emails with "bad" links that inadvertently cause them to download data-pilfering software, which spreads throughout a corporate IT system and seizes its critical files. 

Other methods, which were evident in the case of WannaCry, see opportunistic criminals unleashing malware indiscriminately, hoping to catch companies that do not have the most up-to-date systems.

Hackers will hold files ransom in return for cryptocurrency, including Bitcoin and the practise has become a million pound industry. It is so prevalent that executives are ordering employees to prepare digital wallets and monitor cryptocurrency valuation to hedge against inflation, should they need to buy some to keep breaches hidden. 

Mr Taylor said several companies were keeping an eye on the cryptocurrency, which has seen a staggering rise in recent weeks.

"Some are saying: 'if Bitcoin is going to go up, we had better buy some now, whilst it is not so pricey'.

"Some are looking into Ethereum because it's cheaper." 

There have been reports that British companies - including an anonymous utility company - believe that it is cheaper and easier to pay than confess. 

Earlier this year Citrix asked 500 companies with 250 or more employees were stockpiling an average of 23 bitcoins on standby.

Large companies may be hedging their bets, but Mr Chabinsky said that price fluctuation would be more likely to become a challenge for hackers rather than companies.  "They are trying to post a ransomware demand for an amount the victims find reasonable, without knowing on any given day what one Bitcoin will be worth - and therefore, whether the victim will be able to afford it".

McAffee's Samani added: "Our message will always be not to pay criminals. The best defense against ransomware is to be proactive, back up your data, update your security, but most importantly remember NoMoreRansom is a portal for you, and Don’tPay."

License this content