
Are businesses stockpiling Bitcoins in case of ransomware? If so, they shouldn’t - davidgerard
https://davidgerard.co.uk/blockchain/2017/09/13/are-businesses-stockpiling-bitcoins-in-case-of-ransomware-maybe-a-few-but/
======
jaclaz
>Telstra’s Cyber Security Report 2017 (PDF) echoes that last point — “Our
research found that nearly one in three of the organisations who paid a ransom
did not recover their files.”

Yep, which plainly means that in 2/3 of cases paying the Ransomware actually
allowed recovery.

So, _you_ are in desperate need and you have a 66% chance that by paying a
little amount of money (proportional to the size of your operations) you can
resume operations, what will _you_ do?

>You are vastly better served by proper backups. If you use Windows, keep up
with security updates. You want to be in a state where if your machine is
ransomwared, you can wipe it and start afresh, and lose no more than a few
hours’ work.

It is not about being "better served", there is not only Ransomware, there
are much more common software or hardware "catastrophic" failures, for which
a good backup strategy is useful.

Still the point is that if you had this valid backup strategy you wouldn't be
debating on whether to pay or not to pay the Ransomware.

And sure the FBI advises against paying the Ransomware, but besides being
debatable if a US Government Agency advice is suitable and should be followed
in the UK, "their" (the FBI's) operations are NOT affected by the Ransomware
that encrypted _your_ data, and I doubt that the GI guys actually care much
about _your_ activities being completely paralyzed.

Everyone is good at this kind of advice, as long as the data compromised is
_your_ data.

Whether 33% or 42% of UK companies actually bought some amount of Bitcoins is
unknown, and certainly the (scarce) data comes from a non-independent source,
which makes it debatable, but that's it.

------
celticninja
>quite often you don't get the decryption key anyway

I'm not sure this is correct; aside from the larger, poorly organised attacks,
the majority of Ransomware does successfully decrypt. This is what ensures a
good return for the Ransomware developer.

