Ransomware is running rampant. The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. According to a Radware report, 49 percent of businesses were hit by a ransomware attack in 2016. Quite often the attacker asks for some amount of cybercurrency – usually Bitcoin – in exchange for providing a decryption key.

One question this raises is whether ransomware attacks would decrease if Bitcoin ceased to exist. Security experts answer that question with a resounding “no”, indicating that cybercriminals would just move on to another anonymous payment method to continue their extortion.

“Getting rid of Bitcoin to stop ransomware would be like the U.S. Government getting rid of $100 bills to try to stop drug dealers from laundering their dirty money. It’s not the right solution. Would it momentarily create a bump in the road for cyber attackers who are making millions off of ransomware? Absolutely, but only for a fleeting moment,” said Richard Henderson, global security strategist at Absolute.

He added that attackers will just switch to any of the dozens of other popular virtual currencies, or switch to other easily launder-able instruments like prepaid credit cards. “Remember, the GreenDot MoneyPak was a favorite among cybercriminals not too long ago. Attackers will just find another way to get paid.”

While paying the ransom is highly discouraged, many of the security experts said the only way to seriously reduce ransomware is through user education.

“We’re not going to get rid of ransomware easily.
As long as people continue to struggle to keep their devices fully-patched and protected, and as long as people continue to open attachments they shouldn’t or click on links they probably shouldn’t, attackers are going to be able to infect machines,” Henderson said.

He said the most pragmatic solution to ending the ransomware scourge is to teach people the most basic principles of security hygiene: don’t visit sites that you suspect may be malicious or impostors, patch your machines the moment an update becomes available, and stop opening attachments in your email.

“If you’re not expecting a spreadsheet from your brother or aunt, don’t open it. Call them and ask them if they sent it to you. Courier companies are not going to email you out of the blue with an urgent tracking update. Your bank or PayPal are not going to email you asking you to ‘confirm your information’. And perhaps most importantly, you must have cold backups of the files and data most important to you. We’ve been reminding people of this for as long as I could type… long before malware became a serious issue,” he said.

While eliminating Bitcoin won't solve the ransomware problem, it is worth identifying what makes Bitcoin so popular among criminals. Think of Bitcoin as a ‘superpower’ in the hands of criminals. It enables anonymous payments. You cannot trace who paid, or who was paid. Also, of course, it is an entirely digital payment scheme, and anybody can get an account – or two, or three, or a hundred – and nobody would be the wiser.

Markus Jakobsson, security researcher and chief scientist at Agari, said while getting rid of Bitcoin could certainly slow ransomware attacks, he does not think it is a very plausible goal. “Too many people use it and profit from it in legal ways. Bitcoin has a life of its own, as do the principles underlying it.
If it were to somehow be shut down, a derivative would soon pop up.”

He instead wants to dig a bit deeper into the cybercriminal psyche. “By understanding the likely nature of attacks, other countermeasures can be built. The optimal solution is to block Bitcoin abuse, rather than trying to block Bitcoin itself.”

If not Bitcoin, what?

Considering the number of alternative currencies available (such as Monero, Litecoin, Ether, Dogecoin), even if you get rid of Bitcoin there are still over two dozen other cryptocurrencies that can be used, said Daniel Smith, security researcher at Radware. He added that ransomware existed before cryptocurrencies. Back in 1989, it was called PC Cyborg or AIDS Trojan. Criminals used traditional transfers or gift cards back then.

Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, said since Bitcoin is a decentralized cryptocurrency, it’s not possible to get rid of it. What did contribute substantially to the rise of ransomware was an increase in the consumer-friendliness of Bitcoin, which is now just a few clicks away like any foreign currency.

Scott Miserendino, chief data scientist at BluVector, said Bitcoin is a technology of convenience for the ransomware operators. If it is removed it would be replaced. “These extortion schemes existed long before Bitcoin. While Bitcoin has fueled their spread, I don't think that spread can be pushed back simply by removing one payment option now that criminals are widely aware of the effectiveness of the ransom mechanism.”

Florin Lazurca, senior technical manager at Citrix, said “unfortunately, the horse is out of the barn on Bitcoin and ransomware, as it is just one of many semi-anonymous payment channels. While it would slow down the scale of attacks, removing automated and unattended transactions, any transfer-of-value method lacking 'know your customer' standards will fill the void.
We would have to eliminate cash and other digital currencies such as WebMoney.”

Lance James, chief scientist at Flashpoint, said that while many ransomware campaigns use Bitcoin to effect a transaction, this is a case where correlation does not imply causation. It happens to be a popular method in the public campaigns of late, but if you look back to CryptoLocker in 2013-2014 (the first heavy hitter ransomware), the operators were estimated to be making an average of $30 million in three months, which was paid using MoneyPak cards.

“In fact Bitcoin can actually be an inhibitor to the success of ransomware campaigns, since the average victim likely doesn’t understand how to use Bitcoin or how to transfer money to Bitcoin currency,” James said. “In fact, ransomware operators try to create as little friction in their campaigns as possible, going as far as to keep ransom amounts low to dis-incent users from seeking professional assistance to unlock their data as the services would likely cost more than the ransom. The operators make it up in high volume of attacks.”

James cited the recent emergence of “crimeware-as-a-service,” which allows someone with a lower tech IQ to simply buy resources online to cause havoc.

Boaz Shunami, CEO and co-founder of KomodoSec, said getting rid of Bitcoin isn’t going to have any effect whatsoever on the spread of ransomware. Ransomware is big business on the dark web, he said. “It’s a standard, tactical tool in the cybercrime arsenal and one of the most profitable. You can actually buy ransomware-as-a-service.”

Extortionists and malicious actors are nimble and will go to great lengths to find other forms of anonymized digital currencies or ways of masking their nefarious activity, said Simon Taylor, vice president of product at Glasswall.
“In general, ransomware will continue to evolve, as will the tactics to maintain anonymity and securely transferring money.”

Take down Bitcoin from the top?

Satoshi may not even be a singular person, and even if he or she could be tracked down, they are so far removed from what Bitcoin has evolved into in recent years that unmasking him won’t close Pandora’s Box, experts say.

It has been a mystery who actually runs Bitcoin. According to Wikipedia, the actual creator(s) is known only by a pseudonym – Satoshi Nakamoto. Many investigative reporters have tried to track down the mastermind of the cybercurrency to no avail.

“Getting rid of Bitcoin from the inside would require a high level of centralization and collusion of the mining power essentially destroying trust in the system along with investments made. Getting rid of Bitcoin from the outside would require getting rid of the internet,” said Lazurca.

Nakamoto has claimed to be a man living in Japan, born around 1975. However, speculation about the true identity of Nakamoto has mostly focused on a number of cryptography and computer science experts of non-Japanese descent, living in the United States and Europe. One person, Australian programmer Craig Steven Wright, has claimed to be Nakamoto, though he has not yet offered proof of this, according to Wikipedia.

“Ultimately, it doesn’t matter who the founder was. Bitcoin is an 'open source' idea now. It is decentralized and we all know how it works, so its creator really has no power over the system,” said Corey Nachreiner, CTO of WatchGuard Technologies. “We’ll probably learn for sure who the creator is one day, but I don’t think it will change much. Cryptocurrency will continue to evolve and we’ll see others use public blockchains for alternative uses as well.”

Security officials believe focusing on Bitcoin is just wasted energy.
One security exec mentioned focusing on The Bitcoin Foundation instead to discuss changes to the cryptocurrency standard.

The premise behind Bitcoin is that the system is not reliant on a central authority. Because of that, and the fact that it is a peer-to-peer banking system that acts independently from any one person, it’s hard to think that identifying or getting the cooperation of the Bitcoin founder would lead to the end of Bitcoin.

Troy Gill, manager of security research at AppRiver, agrees that searching for an individual would not be of much benefit in the grand scheme of things. “I think efforts would be better spent by law enforcement agencies to develop some form of backdoor that would allow them to easily associate Bitcoin wallets to actual users.”

David King, director of solutions marketing at Commvault, said in the fight against ransomware, focusing on Bitcoin is like tilting at windmills. “The real dragon we need to take on is enterprises’ reluctance to implement holistic data management strategies to secure, govern and backup all their data. If we defeat this dragon, the ability of cybercriminals to profit from ransomware attacks will fall, and so will their attacks.”

How to tackle ransomware

There were a few main themes these security execs raised about how to decrease the amount of successful ransomware hits: user education, having a backup plan and non-payment.

Ransomware is certainly a plague on information-based enterprises everywhere, Miserendino said. Detection and prevention is still the best medicine but ransomware also needs to be publicly cast in the same light as gang/mafia extortion schemes of the past (and current day). The only proven effective approach is for victims to stop paying the criminals.

According to the Identity Theft Resource Center, there was a significant rise in ransomware attacks in 2016.
The FBI shared that ransomware victims paid a total of $209 million in the first quarter of 2016 in order to get their data back.

“First and foremost, companies and individuals targeted with ransomware need to stop paying. I know this is easy to say when you aren’t the victim. In cases where the victim is a hospital providing critical care, the decision is very difficult,” Nachreiner said. “Nonetheless, it’s victims giving in to extortion that has made ransomware such a valuable business model for cybercriminals. They focus on ransomware because it successfully makes them money. If you remove that profit, they will move on.”

A disaster recovery and business continuity plan would include quick recovery from any attack or disaster.

There are many ways of infecting an organization with ransomware, but the easiest way to bypass hundreds of thousands, even millions of dollars’ worth of security investments is by playing on the weakest link of the cyber defense chain – the human, Taylor said.

“We continually see that email attachments are the primary attack vector for cyber criminals and that 97 percent of malware is unique to the target endpoint, rendering signature-based technologies useless,” he said. Glasswall’s research shows that organizations relying on the identification of macros can miss 45 percent of other malware in documents, such as Excel and Word, giving attackers all they need to extort the target organization.

It always comes back to user education. Users aren’t quite catching on as quickly as most would hope. The Ponemon Institute reported in a study released last month that 48 percent of businesses victimized by ransomware said they paid.

Jens Monrad, senior intelligence analyst at FireEye, said ransomware has evolved the way it has because many victims pay the ransom as they are not in the position where they can restore the encrypted data.
Many of these organizations often lack internal procedures for backing up data.

“Do not underestimate the importance of strengthening your human firewall by continuously training employees to recognize and avoid common threats,” SonicWall President and CEO Bill Conner said. “The most common ransomware variant in 2016, Locky, was typically delivered to an unsuspecting employee via email under the guise of a vendor invoice. If employees had been educated on this malicious tactic and known not to open these attachments, ransomware attacks would not have been nearly as successful over the last year.”

James said high public awareness drives up appreciation of backing up systems regularly and having data remotely and securely stored in more than one place. “Since the incentive to already protect your data is a familiar message for today's age, it will eventually come down to outliers that get hit and can't recover will be few and far between probably within one to two years from now.”

“Make sure the system you’re using to back up your data requires authentication or is not always online,” SonicWall’s Conner said. “Otherwise, if you’re hit with ransomware, you may find yourself reverting to an encrypted backup.”

Nachreiner said modern defenses can keep the majority of ransomware out of organizations. Basic firewall and antivirus are not enough in today’s threat landscape. However, modern security controls include things like advanced threat prevention solutions, which use behavioral analysis to find new strains of ransomware, and even threat detection and response tools, which can identify malware as it runs on your host, and in many cases can stop it from encrypting files.

Jason Haddix, head of trust and security at Bugcrowd, said that prevention and impact reduction are the key. Strong security fundamentals on both the perimeter network and on the endpoint are a good defense.
Cyber insurance can reduce the risk as well.

Kalember noted that some ransomware now tries to encrypt backups first, so proper security configurations are essential for the backup infrastructure itself.

Alvaro Hoyos, chief information security officer at OneLogin, also cited better end user education. “Ransomware is just piggybacking on social engineering attacks that have been around for almost as long as email. Technical safeguards can help reduce the number of ransomware attacks that show up in your inbox, but it’s really the end users that you need to leverage to reduce the success of these attacks. Therefore, if there are no line items in your security budget for security awareness training and tools, then you are simply not doing enough.”

Zohar Alon, co-founder and CEO of Dome9, said weak security practices and user errors are at the heart of rising ransomware and data-jacking attacks. To get rid of the threat of ransomware, organizations need to start with strong multi-layered defense. For example, in cloud environments, this means investing in foundational technologies such as tools for configuration and vulnerability management, network segmentation and traffic visibility, as well as anti-virus and vulnerability shielding.

Monzy Merza, head of security research at Splunk, said that effective ransomware defense is a combination of preparation, analysis and response. And each aspect has elements of people, process and technology. There’s no silver bullet for ransomware.

“Defending against ransomware is not very different than defending against any threat that might impact your business.
Standard cyber hygiene best practices such as identifying critical assets, having a mitigation plan, auditing user permissions, good patch management, or maintaining good backups are all important here, as they are for any threat vector,” Merza said.

Potential hardware failure was always a possibility, and for most people it only needed to happen once before they got in the habit of backing up their data, Henderson said. “Storage is almost free today on a per-GB basis, there’s no excuse anymore for not having a small high-capacity USB drive that you plug in, back up your critical and irreplaceable files, and put in your desk. If you have that insurance policy (and it’s the cheapest insurance you can buy), even if in a moment of carelessness, you won’t need to pay the ransom. No more ransoms being paid by victims? Attackers will find new ways to make their cash.”