JPMorgan Chase and Bank of America have been hit by cyber attacks this year. (AFP/Getty Images/AFP/Getty Images)
NEW YORK — Monsanto, the St. Louis-based biotech company, used $11 million in the spring to buy bitcoins, but it turns out that the ransom-for-compromise payment scheme may have left itself vulnerable to breaches.
In May, cyber thieves tricked Monsanto’s cloud computing provider into moving some computer files into the stolen bitcoin wallet, the cyber-security company Proofpoint reported on Tuesday. Proofpoint warned that financial institutions could make the same mistake and the malware could go undetected for months.
Proofpoint CEO Gary Steele said Tuesday that companies are struggling to prevent computer threats, so hackers are going for more “fast and easy to identify” methods.
Proofpoint said that Monsanto has been “responsible” in its actions to secure the files, and that the breached files were not in Monsanto’s operating system, so they did not expose important internal data.
“Our website, and most of our web assets, remain operational,” Ronny Paquet, Monsanto’s VP of business operations, said in a statement.
Proofpoint first detected the transaction early May, six weeks after the bitcoin transaction, which didn’t generate any blockchain “memorization,” or public record.
“Is this an example of ‘good enough’ security to raise concerns about what defense can protect us?” Paquet said. “Again, all customers have the responsibility to audit where they put money in the payment systems.”