Although Robert Herjavec , an investor on ABC 's `` Shark Tank , '' expects the price of bitcoin to `` skyrocket , '' he has no plans to personally buy any . That 's because as the CEO of cybersecurity firm Herjavec Group , he does n't want to support the growing trend of hackers using cryptocurrency . `` I ca n't invest in something that my enemy uses as funds , '' he explained on CNBC 's `` Squawk Alley . '' Indeed , `` If there was no cryptocurrency , much of the large hacks that we 're seeing today would n't exist , '' Herjavec told Money . As one example , Herjavec is concerned with the role cryptocurrency plays in ransomware attacks Attack.Ransom . `` Cryptocurrency permits anonymity , '' he explains to CNBC Make It . `` It 's a very popular form of payment for ransomware in particular . '' Ransomware is a type of software that locks or encrypts a computer user 's data and files , in affect holding it hostage . To release the information , a hacker will demand a ransom payment Attack.Ransom . Ransomware attacks Attack.Ransom increased 6,000 percent in 2016 from 2015 , according to a study from IBM Security . And in 2017 , 200,000 computers in 150 countries belonging to businesses , governments and even the U.K. National Health Service were impacted Attack.Ransom by the ransomware virus known as WannaCry . In that case , victims were told to make a payment Attack.Ransom in bitcoin to get their computers back . Hackers often demand the ransom Attack.Ransom be paid in cryptocurrency because it allows them to remain anonymous , Herjavec says . `` I can take over your computer or personal information , hold it for ransom Attack.Ransom , give you instructions on how to create a virtual wallet , force Attack.Ransom you to pay Attack.Ransom me , and you have no way of finding out who I am , '' Herjavec explains . That 's because a bitcoin wallet is only identified by a number , and `` payments are direct without a bank or credit card company acting as the middle man , '' Herjavec says . `` There is no money trail , so it 's very difficult to track back to an individual . '' With WannaCry , the hackers asked for Attack.Ransom $ 300 worth of bitcoin from victims , and if they waited over 72 hours to pay Attack.Ransom , the fine increased to $ 600 . If they waited a week , their information would be locked for good . The Trump administration pointed to North Korea as the originator of the attack . In 2016 , ransomware was used to coerce Hollywood Presbyterian Medical Center , a hospital in Los Angeles , to pay Attack.Ransom 40 bitcoin to hackers , The New York Times reports . That sum was then worth $ 17,000 . Bitcoin closed at $ 10,779.90 on Tuesday , March 6 , according to CoinMarketCap , which makes those 40 coins worth about $ 431,196 . To protect yourself from ransomware attacks Attack.Ransom , take steps to secure your online information . `` Keep your computer and data safe by backing up often , using cloud services with dual factor authentication and complex passwords , '' Herjavec suggests . `` Have anti-virus [ software ] installed and kept up to date . ''

There ’ s no question that Friday ’ s WannaCry ransomware attack Attack.Ransom , which spread like wildfire , was bad . Its ability to spread like a worm by exploiting a Microsoft vulnerability was certainly new ground for a ransomware campaign . But along the way , there ’ s been a lot of fear and hype . Perspective is in order . Here ’ s a look at the latest in Sophos ’ investigation , including a recap of how it is protecting customers . From there , we look at how this fits into overall attack trends and how , in the grand scheme of things , this doesn ’ t represent a falling sky . With the code behind Friday ’ s attack in the wild , we should expect copycats to cook up their own campaigns in the coming days to capitalize on the money-making opportunity in front of them . Over the weekend , accounts set up to collect ransom payments Attack.Ransom had received smaller amounts than expected for an attack of this size . But by Monday morning , the balances were on the rise , suggesting that more people were responding to the ransom message Monday . On Saturday , three ransomware-associated wallets had received 92 bitcoin payments Attack.Ransom totaling $ 26,407.85 USD . By Sunday , the number between the three wallets was up to $ 30,706.61 USD . By Monday morning , 181 payments Attack.Ransom had been made totaling 29.46564365 BTC ( $ 50,504.23 USD ) . Analysis seems to confirm that Friday ’ s attack was launched using suspected NSA code leaked by a group of hackers known as the Shadow Brokers . It used a variant of the Shadow Brokers ’ APT EternalBlue Exploit ( CC-1353 ) , and used strong encryption on files such as documents , images , and videos . A perfect attack would self-propagate but would do so slowly , randomly and unpredictably . This one was full throttle , but hardly to its detriment . Here we had something that spread like wildfire , but the machines that were impacted Vulnerability-related.DiscoverVulnerability were probably still susceptible to secondary attacks because the underlying vulnerability probably hasn ’ t been patched Vulnerability-related.PatchVulnerability . The problem is that exploit and payload are separate . The payload went fast and got stopped , but that ’ s just one of an infinite number of possibilities that can spread through the unsolved exploit . Companies still using Windows XP are particularly susceptible to this sort of attack . First launched in 2001 , the operating system is now 16 years old and has been superseded by Windows Vista and Windows 7 , 8 and 10 upgrades . It remains to be seen who was behind this attack . Sophos is cooperating with law enforcement to provide any intelligence it can gather about the origins and attack vectors . The company believes initial infections may have arrived via an email with a malicious payload that a user was tricked Attack.Phishing into opening . Sophos continues to update protections against the threat . Sophos Customers using Intercept X and Sophos EXP products will also see this ransomware blocked by CryptoGuard . Please note that while Intercept X and EXP will block the underlying behavior and restore deleted or encrypted files in all cases we have seen , the offending ransomware splash screen and note may still appear . For updates on the specific strains being blocked , Sophos is continually updating a Knowledge-Base Article on the subject . Meanwhile , everyone is urged to update their Windows environments as described in Microsoft Security Bulletin MS17-010 – Critical . For those using older versions of Windows , Microsoft has provided Vulnerability-related.PatchVulnerability Customer Guidance for WannaCrypt attacks Attack.Ransom and has made the decision to make the Security Update for platforms in custom support only – Windows XP , Windows 8 , and Windows Server 2003 – broadly available for download Vulnerability-related.PatchVulnerability . As severe as this attack was , it ’ s important to note that we ’ re not looking at a shift in the overall attack trend . This attack represents a merging of old behaviors into a perfect storm . SophosLabs VP Simon Reed said : This attack demonstrates the opportunistic nature of commercial malware authors to re-use the most powerful of exploit techniques to further their aims , which is ultimately to make money . In the final analysis , the same advice as always applies for those who want to avoid such attacks . To guard against malware exploiting Microsoft vulnerabilities : To guard against ransomware in general : Finally , there ’ s the question of whether victims should pay the ransom Attack.Ransom or stand their ground . Sophos has mostly taken a neutral stance on the issue . In the case of this attack , paying the ransom Attack.Ransom doesn ’ t seem to be helping the victims so far . Therefore , Levy believes paying the WannaCry ransom Attack.Ransom is ill-advised : In general , paying Attack.Ransom is a bad idea unless the organization is truly desperate to get irreplaceable data back and when it is known that the ransom payment Attack.Ransom works . In this attack , it doesn ’ t appear to work . It ’ s been referred to as a ‘ kill switch ’ – that all the malware author had to do to throw the breaks on for some reason was to register some obscure domains . In the event a security researcher found the domains and registered them . He speculates that its not actually a kill switch but may be a form of sandbox detection ( malware wants to run in the real world and hide when it ’ s in a researcher ’ s sandbox . ) The thinking goes that in the kind of sandbox environment used by security researchers the domains might appear to be registered when in fact they are not . If the malware can get a response from the unregistered domains it thinks it ’ s in a sandbox and shuts down . If you blocklist the domains in your network then you ’ re turning off the “ kill switch ” . If you allowlist the domains you ’ re allowing access to the kill switch .