Uber is not the first company, and will certainly not be the last, to pay hackers' ransom demands rather than disclose a data breach to a watchdog. Now, companies are starting to stockpile bitcoin in case of a ransomware attack, reports the International Business Times.
Many U.K. banks, for example, have begun accumulating anywhere from 50-100 bitcoins, reports IBT. Many organizations have been hesitant to publicly admit it, however, because doing so can be an indication they are willing to pay criminal hackers.
- Hackers demanding ransom in the form of cryptocurrency is not new. For example, the WannaCry attack generated about $140,000 in bitcoin for the hackers, and the money was finally moved in early August. Because of the decentralized, anonymous nature of the ledger-based cryptocurrency, authorities could not trace the individuals tied to the bitcoin wallets.
Bitcoin stores are not cheap to come by these days. The cryptocurrency is fast approaching a $19,000 valuation for each token. While companies can turn to Ethereum or other cryptocurrencies, bitcoin remains the most popular.
Hackers are afforded a good deal of secrecy and cleanliness with these cryptocurrencies, but the ransom route can easily backfire for companies. The revelation of Uber's $100,000 payment to hackers in November certainly gave many executives pause.
While worst-case scenario preparations are certainly important for businesses looking to smoothly handle and recover from an attack, bitcoin stores for ransom should not be the enterprise's sole focus. Reinforcing baseline security, formulating disclosure procedures to legal watchdogs and creating recovery plans for a variety of cyberattacks will help a business prepare.
But planning for every possibility is impossible because hackers are only getting more creative and savvy, and something as simple as a video game can inspire powerful attacks. Just look at the three college-age kids behind the Mirai botnet who started out trying to get the edge in "Minecraft" and ended up crippling internet systems with DDoS attacks, reports Wired.