Why Are We Doing This?

We have been listening to managed service providers describe their experiences when remediating ransomware cases for their clients (mostly SMBs). While every story was unique, the message was clear and the fact pattern consistent:

  • Enterprise grade security and backup tools are not always economical, practical or available for SMBs in their hour of need.

  • Even with these tools, humans are humans and malicious files are clicked on.

  • Recovering from ransomware causes substantial downtime costs.

  • Dealing with cryptocurrency in the event of payment is an area no one wants to approach.

We expected to hear about frustrating situations and anxiety-ridden periods of recovery. We were not anticipating the murky class of ‘service providers’ (a term we use generously) whose treatment of ransomware victims is both usurious and predatory.  

These stories made us angry. Taking advantage of companies in a moment of vulnerability is wrong. It motivated us to build a better experience — and that is what we’ve done.

The Elephant in the Room

Last year, ransomware took an unprecedented toll on nearly every sector. Today, security experts estimate that businesses experience a ransomware incident every 40 seconds. Seventy-five percent of those incidents occur in businesses with fewer than 1,000 employees. For a small business, a day of downtime can be crippling or possibly fatal. 75% of MSPs report that ransomware associated downtime can collapse an SMB’s business.  

In addition to lost productivity, businesses report they often lose customers or experience permanent brand damage as a result of that downtime. With the average ransom amount around a thousand dollars, it is no wonder 50% choose to pay. It makes basic economic sense.

But there is a stigma associated with paying a ransom.

We expect criticism and scrutiny of our model. Coveware makes it easier for businesses to pay. Popular refrains involve a utopian vision of every afflicted business and person, ceasing to pay, and the problem disappearing for good. While we understand and appreciate these refrains, we deem the implementation unrealistic.

The answer lies in data driven, incremental improvements. There are fantastic surveys and visualizations that summarize the state of ransomware.  But today’s remediation activity is completely fragmented, uncollected and unstructured. We need real-time indicators.

By aggregating activity through a standard utility (our case management), we are able to observe data about current strains, attacks, technical details, payment success, victim demographics, and possibly perpetrator demographics.  We intend to collect and structure this data (anonymized to protect client identities) and serve it to both the cyber security community and to law enforcement and regulators. We believe that better data can help the security community build and deploy better security tools. We believe that law enforcement may be able to make a dent in who the perpetrators of these attacks are with higher quality aggregated data.

We also have no intention of profiting off of the payment of ransomware. In the future, we envision opening up Coveware case management as a public utility, so that any victim can have a clean experience without predatory fees, and our interested institutions, both private and public, can glean the insights they need to make a difference.


As we begin this journey, we do so with an open door to the security community, law enforcement and regulators. Expect us to knock on your door with an open book and an offer to share data and collaborate in the near future.

We are excited to hear the feedback from our IT managed service partners whose views were instrumental in the development of Coveware’s solution. We look forward to continuously delivering an experience that engenders the loyalty of our end clients.

To the businesses and consumers we aren’t be able to help today, trust that we have you in our sights, and hope to work with you as our community grows.

-Bill & Alex

Co-founders of Coveware