A company that pays Bitcoin ransoms on behalf of its customers explains to Coin Rivet why it’s better to do this than to see small businesses effectively destroyed over relatively small financial demands.
Bill Siegel is the CEO and co-founder at Coveware, which he founded just six months ago. He points out that ransomware attacks can sometimes force firms to shut down and make employees lose their jobs, a far worse outcome than paying a few hundred dollars to the criminal gangs who operate such outfits.
The firm was set up for “strategic, moral and ethical reasons” and helps small businesses for free. Its ultimate raison d’être is to end the menace of ransomware. He admits it may “seem counterintuitive” to have such a mission while, on the other hand, helping companies pay ransomware demands. But it makes sense.
A major shortcoming he’s identified is the dearth of hard, real-time case data. Most ransomware data is gleaned from backwards-looking surveys of IT professionals which are “anecdotal or stale.” Only a tiny proportion of incidents are reported and he likens it “to a car insurance company writing policies without studying car crash data”.
Hopping into the trenches
So what Coveware does is “hopping into the trenches,” as he puts it, in order to “help victims through incidents.”
The use of ransomware is “extremely prevalent and has a disproportionate effect on small businesses.” The associated downtime following an attack “shaves 7.5% off Gross Domestic Product and 75% of small businesses affected are existentially damaged and brought to the brink of failure as a result,” he adds.
“It is a terrible way for a company to end and a business owner can be faced with a decision on something they’re morally opposed to but really financially it can be inconsequential compared to having to fire employees.”
On a regular basis, Coveware shares subsets of data with law enforcement agencies such as the FBI – with the client information redacted. The law enforcement agencies then have the opportunity to try and triangulate it to track down the criminals.
‘Two cats were let out of the bag’
The growth of cryptocurrency has clearly made ransomware attacks easier and it’s what he describes as a world where “two cats were let out of the bag which has caused this global epidemic.”
“You have the anonymous payments of cryptocurrency which are hard to trace and the cheap commoditized toolkits that you don’t need to be technically sophisticated to create malware which leads the criminals into business.”
His mission is simple – to end the scourge of ransomware. His means may seem unusual but if you think about it a bit, it really does start to add up.
“I do not want to see these businesses fail and that’s why we are trying to make a proactive difference.”
They have a 100% success rate on the decryptor tool around encrypted data and a full data recovery rate of about 98%. He admits the decryptor tools are “extremely buggy and difficult to work with” but their success rate is extremely high.
The firm also runs an anti-money laundering compliance programme internally, developed from Siegel’s previous jobs at SecondMarket where he ran a regulated broker dealer.
He acknowledges there will be a time when they are scammed, i.e. a payment results in a default. But this is counterproductive for the criminal businesses, as word will quickly get round that “they did not deliver” and their threat loses credibility.
It is also worth reflecting that there are hundreds of ransomware types circulating. Just a few weeks ago, they helped a wrecking company in Texas, USA, whose servers and files had become encrypted.
Their servers had been down for two days when they contacted Coveware and they had no idea who to turn to for help. Siegel and his team negotiated the ransom down by 80% within 36 hours, helping them facilitate a secure cryptocurrency payment.