Procurement of bitcoin in ransomware situation.  What are folks doing to prepare for the need of a large purchase of bitcoin in the need to pay ransomware. Yes ideally we would take the "we'll never pay approach" however, I think it's important to be realistic and in certain circumstances you may need to cross that line.  Are you tied into a retainer of some sort with an exchange or Bitcoin holding firm?

I think that sufficient security measures, such as backups, can drastically reduce the likelihood of such an incident. Yes, we have connections to crypto brokers that also allow companies, should this ever be necessary. However, we have also insured ourselves against this scenario and are in close contact should it occur. Paying up is really only an option when all other options have been exhausted, as another attack is likely. In any case, this case should be reported to the authorities, also so that the bitcoins can be blacklisted on exchanges. This will prevent the attacker from making any payouts on larger regulated exchanges.

The cost of paying ransomware should not be understated. There is the ransom, supporting the industry and loosing the leverage required to implement controls properly (backups being most notable). That said when a ransom is called for I have certainly experienced the stakeholder pressure to maintain options and to that end paying a ransom with bitcoin requires some preparation. An account is required well ahead of time as anti-money laundering checks take time you don't have mid incident. Agreeing a custodian for the account, their DFA and authority to loose money if bitcoin prices trend unfavorable and a process to making timing predictable are all necessary evils.