Cyber security

Global cyber-attack

Almost half of extortion attempts demand payment in Bitcoin

As institutions around the world deal with the fallout from a global cyber-attack, figures from Grant Thornton International Ltd. reveal that almost half of all instances of businesses facing extortion during a cyber-attack are met with a demand to pay ransom in the form of Bitcoin. Many of the victims of this most recent attack have faced a demand to pay using the virtual currency.

Grant Thornton’s International Business Report (IBR) shows that globally, nearly one in five businesses (17%) that have faced a cyber-attack in the last 12 months have been subjected to extortion or blackmail attempts. In almost half (46%) of these cases some or all the money was demanded in Bitcoin.

Vijay Rathour, partner and head of digital forensics group at Grant Thornton UK LLP, commented: “Bitcoin is the currency of choice for cyber-criminals. For groups and individuals seeking to exploit businesses’ digital weaknesses, the rise of virtual currency must seem like the perfect opportunity. The anonymous nature of Bitcoin using sophisticated encryption allows cyber-criminals to conceal their identities while receiving funds.   

“Business leaders need to understand the implications of cyber-crime and paying ransoms in Bitcoin. It is anonymous, virtually untraceable, and it supports global criminal activity and terrorism.”

Manu Sharma, director and head of cyber security and resilience at Grant Thornton UK LLP, added: “Cyber-crime must be combatted from a number of angles, all the way from prevention through to shutting down the mechanisms to launder the proceeds. The prevalence of Bitcoin in the cyber world must be a cause of concern to regulators, policy makers in financial regulation, compliance professionals, and genuine users of Bitcoin.”

“Businesses should be looking to confront, rather than submit to, the demands of cyber-criminals. As the nature of the cyber threat continues to evolve, a strong culture of risk management must be embedded across any business, coupled with suitably robust preventative measures to ensure you’re ‘breach ready’. It is not just about training staff or hiring experts to deal with cyber-attacks, but also creating an environment where firms can talk about cyber risks and share information. By having that culture in place and sharing experiences, firms stand a better chance of emerging from attacks with their finances and their reputation intact.”

For businesses affected by a cyber-security breach, and those looking to bolster their defences, Grant Thornton is offering the following guidance:

  • If you have been breached, Do NOT pay the ransom
    • There is no guarantee that the after payment, the files will be returned
    • There is also no guarantee that the a trace of the ransomware will still exist, leading to potential future ransoms
  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline
  • Maintain up-to-date anti-virus software
  • Keep your operating system and software up-to-date with the latest patches
  • Do not follow unsolicited web links in emails
    • Phishing attacks are the number one way for ransomware to affect systems from the internet
  • Use caution when opening email attachments

For more information on the global impact of cyber-crime.