To prevent servers and computers from being encrypted with Bitcoin-demanding ransomware, major US corporations are purchasing Bitcoin to make sure they quickly react to malware encryption.

Since early 2016, a time lock system for Bitcoin ransomware has become quite popular. Designers and developers of ransomware purposely include a time frame, usually one week, to pressure victims into paying Bitcoin ransom.

Ransomware principles

Despite the emergence of readily accessible cloud-based platforms, many companies, particularly large-scale corporations, still operate local servers, databases and computers to store important data. Corporate data, including the personal information of users, financial data of clients and confidential company documents, are stored in these local servers which are vulnerable to ransomware or malware attacks when connected to the Internet.

Ransomware can be deployed or installed onto servers or devices through a wide range of methods. The most popular method of ransomware deployment is the mass distribution of malicious URLs and files, which automatically installs ransomware to a particular device if the user downloads or opens the URL. Then, the ransomware runs in the background of the server and device, encrypting every piece of information in the device.

Bitcoin ransom wallets

Pogue, Chief Information Security Officer of Nuix, an information management technology company, says companies are opening Bitcoin wallets and purchasing Bitcoin in case company servers or computers are compromised with ransomware encryption. Companies with larger sets of important financial or personal data are considering Bitcoin as a crucial and necessary response method.

According to Pogue, thousands of US companies have already set up Bitcoin wallets and purchased the digital currency to pay ransom to Bitcoin-demanding ransomware distributors. Since their servers and devices contain sensitive material which is valuable to their clients, Pogue explained that companies are taking this strategy very seriously.

Pogue writes:

“A lot of companies are doing that as part of their incident response planning. They are setting up Bitcoin wallets.”

However, Paula Long, CEO of DataGravity, noted that the strategy of acquiring Bitcoin to prevent ransomware attacks can be a moral dilemma for many companies, as they are purposely purchasing the digital currency to support cyber criminals.

Helping the bad guys

While the FBI and other law enforcement agencies encourage companies not to settle Bitcoin ransom as it is guaranteed that the criminals or ransomware distributors will send decryption keys to their victims, Long believes it is the responsibility of the company to secure corporate data for their clients and partners.

“It’s a moral dilemma. If you pay, you are helping the bad guys. You can’t go to the moral high ground and put your company at risk,” said Long.

Since the rapid development of ransomware, companies and analysts have started to claim that the intent of ransomware distributors are always negative. But, in some rare cases, there have been ransomware developers who spread Bitcoin-demanding ransomware in order to help people in need.

There were also cases in late December of ransomware distributors providing free decryption keys to victims who are running businesses to help others in need. For instance, an individual going by the online alias “SwervinErvin” received a free decryption key from a ransomware developer after sharing his company’s mission of helping poor children.