We tend to serve a wide variety of clientele. Not too long ago, we were informed that an attorney we know had been made into a ransomware victim. The entire content of his computer had been encrypted by a criminal seeking to extort money. In the sale of anything, the vendor (in this case the demander of the ransom) will choose the currency. With cyber-crime, that will always be a cryptocurrency, such as bitcoin.
By this time, all of us have likely been the victim of ransomware or know someone that has. This self-same attorney was instructed to send 1.5 bitcoins to an unfamiliar internet address, using a currency and method which were completely foreign to him. His response was “I don’t negotiate with terrorists.”
My immediate follow-up question dealt with his last verified backup – of which he had none. “I have over $34,000 in unbilled time on that computer!”
Suddenly, someone was going to have to negotiate with a terrorist. Fortunately for my client, my firm already had a cryptocurrency account (bitcoin) setup. Through a painful process over the course of days, we negotiated the release of the key by facilitating the ransom payment for this attorney. It should also be noted at this juncture that when a ransom is paid, there is no guarantee when and if your data will be restored. In this case, the data release and restoration took place three days after the payment transaction. Also, to be noted, the longer you wait to pay the ransom, the higher the demanded ransom will likely become.
If needed for your firm or one of your clients, how quickly and safely could your firm acquire and convey cryptocurrency assets? Bitcoin is not the only cryptocurrency, but it is the recommended place to start and the most frequently discussed. Certainly, we could get into the details of what cryptocurrency is, how it’s created and how it’s used, but I don’t believe that is the most judicious use of our time. What we can say is that cryptocurrency is a digital, virtual currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. Due to its encryption, it is the preferred currency of those ransoming your data. In my experience, a typical amount of a ransom demand is usually between $2,500 to $5,000 (USD), assuming the ransom is paid early in the ransom demand period.
This leads us to a curious consideration – is there value in having a bitcoin account established as a type of set-aside account for use in cases of incursion and ransom for either your firm or a client’s data? I was recently speaking with an insurance group who handles cyber insurance and found they now provide a service of guiding their clients through establishing a bitcoin account in order to release ransomed data. Why wouldn’t/couldn’t a law firm have a set aside bitcoin account for themselves or provide such a service for clients?
Is paying a cyber-criminal their ransom the only thing you can do with your bitcoin account? No. This is a brokered asset, and like any asset that you would have it could very well grow … or lose… substantially in value.
Once the transaction is completed, hopefully the files have been restored. Does any of this mean that you should not forensically try to find out who perpetrated this evil on you? Absolutely not. Should any of this ransom demand come through servers in the United States, then the FBI can become involved.
Should you be attacked, feel free to contact us and we can guide you in the correct direction. Time is of the essence. Finding out where and how the cyber-criminals broke in will assist your IT department in determining any security holes which exist and how best to secure your technology and data. Randall William Zinn