Why employers should care about Bitcoin in ransomware attacks

Stephen Scott, BridgeTower Media Newswires

In May of 2010 a man offered to pay 10,000 Bitcoins in exchange for delivery of two pizzas (while valued at only $41 at the time of the transaction, such a sum is valued around $300 million today). Bitcoin has changed significantly since 2010, as has as our society’s understanding of cryptocurrency and access to it.

For example, an increasing number of hackers are demanding cryptocurrency – such as Bitcoin – in exchange for ending their ransomware attack. This begs two questions: What do you need to know about this recent trend, and why should employers care about Bitcoin’s role in ransomware cases? To answer those questions, consider the following background information.

—————

What is ransomware?

It’s a type of malicious software designed to block access to a computer system until a sum of money is paid. The FBI reported recently that the number of ransomware incidents in the U.S. continues to rise, with 2,474 reported in 2020.

—————

What is Bitcoin?

It’s the world’s first widely adopted cryptocurrency. It allows for secure peer-to-peer transactions on independent computers across the globe. Importantly, every Bitcoin transaction is tracked on Bitcoin’s blockchain, which is a digital ledger.
Bitcoin’s blockchain is decentralized, which means that there is no single controlling entity; anyone can participate and perform a transaction.

—————

Why the recent rise in attacks?

Employers’ reliance on technology increased substantially throughout the pandemic. For example, COVID-19 mitigation measures forced companies to utilize remote workforces for an extended time and in ways many never envisioned previously. With the increase of remote work comes an increased exposure to cyberattacks and data breaches, most of which are caused by well-meaning employees who inadvertently put companies at risk through various forms of phishing, hacking or ransomware attacks.

—————

Why should employers care?

When discussing the recovery of the ransomed Bitcoin (from the recent Pipeline ransomware attack), the U.S. deputy attorney general stressed to businesses that the threat of a severe ransomware attack presents a “clear and present danger to your organization, to your company, your customers, your shareholders and your long-term success.”

In a recent Internet Crime Complaint Center (IC3) report, the FBI stated that the IC3 received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. According to the report, this represented a 69 percent increase in total complaints from 2019. And although business email compromise (BEC) schemes continued to be the costliest (19,369 complaints with an adjusted loss of approximately $1.8 billion), with phishing scams the most prominent (241,342 complaints), the number of ransomware incidents in the U.S. continues to rise. The most common means used in ransomware attacks are:

• email phishing wherein the cybercriminal sends an email containing a malicious file or link that deploys malware when clicked by a recipient;

• remote desktop protocol vulnerabilities wherein individuals are allowed to control the resources and data of a computer over the internet; and

• software vulnerabilities wherein attackers take advantage of security weaknesses in widely used programs to gain control of victim systems and deploy ransomware.

—————

What should employers do?

As part of any emergency plan to deal with such an attack, ensure there is access to individuals or entities (i.e., either specifically trained employees within the organization or third-party service providers) that comprehensively understand blockchain technology and how to access, hold and transfer cryptocurrency such as Bitcoin. In times of an emergency or crisis resulting from a cyberattack, immediate efforts may prove crucial to an organization’s ability to quickly respond in a way that minimizes damage. In addition, other steps to protect a business from falling victim to ransomware and other cyberattacks include:

• providing robust cybersecurity training to employees on an annual basis;

• reviewing security protocols and updating them regularly;

• encrypting data at rest and in transit whenever possible;

• avoiding utilization of local hard drive space;

• requiring two-factor authorization to access the internal company network;

• requiring employees to set up passwords with multiple characters (including numbers, letters and symbols) and requiring that the passwords be changed routinely;

• creating an incident response plan in the event of a cyberattack or compromised system; and

• considering cyber insurance.

Based on current events, cryptocurrency ransomware attacks are unlikely to end anytime soon. As a result, employers need to develop plans. Be prepared for the worse and hope for the best. Or as Mad-Eye Moody says, employ “constant vigilance!”

—————

Stephen Scott is an associate in the Portland office of Fisher Phillips, a national firm dedicated to representing employers’ interests in all aspects of workplace law. Contact him at 503-205-8094 or smscott@fisherphillips.com.