How to Pay Ransom during a Ransomeware cyber attack in India ?The demand for ransom is illegal under the IPC, but not the payment. If business exigencies require, ransom may have to be paid under duress. even Section 37 of the income tax Act in India will not come in the way of the claim for deduction of ransom money. Commissioner of Income Tax Vs M/s Khemchand Motilal Jain (Madhya Pradesh High Court (2011))
There are also companies that swoop in at the last minute to handle the logistics. companies like CyberSecOp, DigitalMint, are a full-service, final-mile crypto broker.They are at the end of the process
They hired specialists, after the forensic consultants, the company, and stakeholders have all made the determination victims have exhausted all their options and that paying the ransom from an economics perspective is the best way to move forward. That’s when they come to companies like CyberSecOp, digitalmint in order to help them acquire crypto at any time of day or night,
In the space of 30 to 60 minutes from initial contact, these companies are able to make the ransom payment for the victim. This includes vetting the hacker to make sure they aren’t tied to a U.S.-sanctioned country and going on the open market, order books and exchanges to acquire the cryptocurrency needed to pay the ransom.
They say that 90% to 95% of ransoms are paid in bitcoin, but monero is an increasingly popular option. Monero is considered more of a privacy token and allows cybercriminals greater freedom from some of the tracking tools and mechanisms that the bitcoin blockchain brings.
Since January 2020, DigitalMint alone has facilitated more than $100 million in ransomware settlements with a median payment of $800,000.
Last year, crypto ransomware payments overall more than quadrupled from 2019 levels to $350 million, according to Chainalysis, that figure is likely understated. But the true number may be closer to $1 billion.
In April, a task force including Amazon Web Services, Microsoft, the FBI and the Secret Service, among others, delivered recommendations to the White House on how to fight the ransomware threat. On the question of whether to ban payments to attackers, the group of more than 60 members was split.
Part of the problem is that the threat actors are getting greedy at pricing their ransom demands.
If they ask for too much, forensics goes through their feasibility studies and says, ‘Well, that’s too much. Let’s just rebuild our systems, take a risk, and not pay for it,’
At a certain point, it is more economically viable to just pay the ransom rather than hemorrhaging cash due to paralyzed operations.
Bitcoin is the most popular currency demanded by ransomware attackers, but other cryptocurrencies they have dictated include Ethereum, Zcash, and Monero.
Other methods
The first step is to contact your organization's bank to determine if they transfer funds to a cryptocurrency exchange, and if there are any limits.
Then set up an account with a cryptocurrency exchange such as CoinDCX or WazirX, or on coinbased which is FDIC-insured for up to $250,000 held in US currency in a custodial account. Once the US dollars are exchanged for digital currency, Coinbase insures the digital currency should its system be breached, but does not insure the breach of an individual account, according to its website.
Once you create a cryptocurrency exchange account, have your bank transfer/wire its government-issued currency into the wallet or custodial account. From there, you can purchase some cryptocurrency to hold in a digital wallet or custodial Coinbase account.
But you may want to think twice before buying and holding cryptocurrency in custodial accounts because the value of this currency can be highly volatile.
To seed a cryptocurrency exchange account or Coinbase account in advance of any ransomware attack, you must open an account with one of the cryptocurrency companies such as Bitcoin, Zcash, Ethereum, or Monero.
For Small Ransom Payments, Go to a Bitcoin ATM
Using a Bitcoin ATM is faster than purchasing Bitcoins online, says Neal Conner, a customer service manager for Bitcoin ATM manufacturer Lamassu, which has 300 machines across the globe through independent operators.
These ATM machines are cash-based, no [credit or debit] cards or bank accounts are required. If you're buying online, they certainly are from the brokerage or exchange you are purchasing them from. With online methods of purchasing Bitcoins, most users have to go through registration, verification, and linking of credit cards or bank accounts, a cumbersome process, especially if you have cash and just want Bitcoin immediately.
First, download a Bitcoin mobile wallet app on the Bitcoin site for Android or iOS Phone.
The wallet allows you to access one of the growing network of Bitcoin ATM machines, such as Coinucopia. The Bitcoin wallet app for Android or Breadwallet for the iPhone, for example, work with this particular ATM, for example. Next, download an app for reading QR codes. The ATM reads the wallet information via its QR code displayed on the phone.
The Coinucopia ATM can accept a minimum of $5 to a maximum of $3,000 per transaction, which will then be converted into Bitcoin and loaded onto the phone's Bitcoin wallet. The maximum daily amount that can be purchased for a Bitcoin wallet account is $10,000.
Once the money is loaded onto the digital wallet, the ransomware address can be entered onto your smartphone and the payment sent.
Pay via an Online Cryptocurrency Account
If just a limited number of machines or devices are hit with ransomware, online payment may be a good option.
The decision to use an online cryptocurrency service verses a Bitcoin ATM machine largely depends on the comfort level of the person handling the transaction.
Depending on the cryptocurrency exchange service, a cap generally exists on the amount of Bitcoin, Monero, or other type of cryptocurrency that can be purchased per transaction.
For example, a cap of $5,000 per transaction to purchase Bitcoin or to convert Bitcoin to Monero would require you to execute the purchase process 14 times if you have 50 computers and devices infected with ransomware and a ransom demand of $1,400 per machine. That would total a $70,000 purchase in digital currency, and potentially exceed the daily allotment per account that is available.
Depending on the type of cryptocurrency the attacker demands - Bitcoin, Monero, Zcash, or Ethereum - the type of account you would need to get and number of services differs.
If a ransom demand is in Monero, for example, you need a Monero digital wallet. Additionally, you need to sign up for a digital currency converter service such as ShapeShift, because a number of cryptocurrency exchanges do not accept Monero directly, Spagni explains. You would also need to sign up for a cryptocurrency exchange to purchase the Bitcoin, which would then be converted to Monero using ShapeShift.
Signing up for a digital wallet, cryptocurrency exchange, and digital currency converter service, can take longer to execute a transaction than using a Bitcoin ATM.
Final Advice
Try to Convince decision makers Not to Pay the Ransom
Don't give up hope that your CEO or board of directors will have a change of heart and give up on paying ransom.
Tell them the main reason not to pay: it doesn't necessarily not guarantee access to the locked files, sometimes even cybercriminals don't know the decryption key coz ransomeware seller never sold the decryption key to the cyber criminal.
Sane advice: Don't pay the ransom. Once you do, they may keep coming back for more. That's like Kidnapping. The other thing is that if other cyber criminals in this space know you pay, then they, too, will hit you up next.
