{"id":555,"date":"2017-08-17T16:14:23","date_gmt":"2017-08-17T16:14:23","guid":{"rendered":"http:\/\/securitycurve.com\/?p=555"},"modified":"2017-08-17T16:14:23","modified_gmt":"2017-08-17T16:14:23","slug":"bitcoinransomwareprep","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=555","title":{"rendered":"Buying Bitcoin to prep for Ransomware?"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignright lazyload\" data-src=\"https:\/\/media.defense.gov\/2009\/Nov\/18\/2000429928\/670\/394\/0\/091118-F-1234S-001.JPG\" width=\"383\" height=\"220\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 383px; --smush-placeholder-aspect-ratio: 383\/220;\" \/>In &#8220;sublime to ridiculous&#8221; news, I saw <a href=\"https:\/\/www.cnbc.com\/2017\/08\/15\/companies-are-buying-bitcoin-to-pay-off-hackers-says-cyberark-ceo.html\">this article<\/a> detailing a recent conversation between Jim Cramer (yes, that Jim Cramer) and CyberArk&#8217;s CEO Udi Mokady in reference to organizations hoarding Bitcoin to use for ransomware purposes.<\/p>\n<p>It&#8217;s not the first time this has come up: Citrix <a href=\"http:\/\/www.nbcnews.com\/storyline\/hacking-of-america\/companies-stockpiling-bitcoin-anticipation-ransomware-attacks-n761316\">weighed in<\/a> on it, as <a href=\"https:\/\/cointelegraph.com\/news\/us-corporations-are-buying-bitcoin-to-quickly-resolve-ransomware-attacks\">did Nuix<\/a>, et cetera, et cetera. \u00a0In fact, Jim Cramer alone has now discussed this exact topic with multiple tech and security CEOs (not that I follow Jim Cramer, but I do follow cryptocurrency news.)<\/p>\n<p>Anyway, the Jim Cramer thing suggested to me that maybe it was time to weigh in on this. \u00a0Because I&#8217;m sure that it&#8217;s true that people are stockpiling BTC for this purpose. 
\u00a0I will tell you that I don&#8217;t know of anyone doing it personally, but I&#8217;m sure it&#8217;s happening (because it seems like the kind of thing people would do). \u00a0That said, stockpiling Bitcoin is, I think, a bit misguided. \u00a0Don&#8217;t get me wrong: I&#8217;m all about preparedness. \u00a0But there are a few reasons why I think this is not the best idea.<\/p>\n<p>First, there&#8217;s the logistics. \u00a0Doing this presupposes that attackers will always ask for BTC. \u00a0In the short term, this is probably usually true. \u00a0But isn&#8217;t it a better investment (assuming your intention is to pay the ransom &#8211; which I&#8217;ll get to in a minute) to set up a process to rapidly create a wallet (and transfer funds into it) rather than specifically buy and hold some unknown sum of a particular currency in the event that you might (maybe, possibly) need it at some point down the road? \u00a0Doing that, you&#8217;re subject to market fluctuations and you&#8217;re locking down funds that could be used for some other productive purpose while at the same time making guesses about some future attack that may or may not actually happen and for which your efforts may or may not be useful if it does (for example, if they request 10x the sum you have earmarked in ETH instead of BTC.)<\/p>\n<p>Put another way: do you have a slush fund to buy off international terrorists who kidnap your executives while traveling? \u00a0No, right? \u00a0Because you don&#8217;t know when or if this will happen or what kidnappers might happen to ask for if it does. \u00a0Really, does it make any more sense (logistically) since it&#8217;s BTC? \u00a0I&#8217;m not convinced it does.<\/p>\n<p>Then, there&#8217;s the issue of paying the ransom in the first place. \u00a0We all get it that this isn&#8217;t a good idea, right? \u00a0It&#8217;s like paying the kidnappers in the above example. 
\u00a0Only sometimes will you get what you want from the bargain &#8211; and the byproduct is that you announce yourself as a &#8220;soft target&#8221; \u00a0for their next attack. \u00a0Neither of those things is good. \u00a0A much better strategy (in my humble opinion) is to put your energies into mitigating the attack in the first place rather than paying off the bad guys afterwards. \u00a0For example, you could put effort into ensuring that systems are resilient and data is recoverable. \u00a0Really, you should be doing this anyway. \u00a0It seems like asking yourself why it&#8217;s the case that you have data that you can&#8217;t recover should it get lost is a better strategy than figuring out the mechanics of how to pay off the person holding it hostage once you can&#8217;t recover it.<\/p>\n<p>Anyway, I get it why people would want to go down this path. \u00a0That part&#8217;s human nature. \u00a0But it seems to me that on some level it&#8217;s analogous to walking around &#8220;all day every day&#8221; with a can of paint and Spackle so you can fix the drywall in your house when the rain comes through the hole in your roof. \u00a0Yes, you could do that. \u00a0It makes some level of intuitive sense because it absolutely will rain eventually &#8211; and (because there&#8217;s a hole in the roof), the drywall will absolutely need repair when it does. \u00a0But what if you just fix the hole in the roof to begin with? \u00a0It could be that something happens where you get water damage anyway &#8212; in which case, you go buy some paint. But is the prep really worth the return when compared to fixing the root cause?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In &#8220;sublime to ridiculous&#8221; news, I saw this article detailing a recent conversation between Jim Cramer (yes, that Jim Cramer) and CyberArk&#8217;s CEO Udi Mokady in reference to organizations hoarding Bitcoin to use for ransomware purposes. 
It&#8217;s not the first time this has come up: Citrix weighed in on it, as did Nuix, et cetera, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[16,96],"class_list":["post-555","post","type-post","status-publish","format-standard","hentry","category-security","tag-bitcoin","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=555"}],"version-history":[{"count":0,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/555\/revisions"}],"wp:attachment":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}