Attacks/Breaches

1/26/2017
03:25 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows

St. Louis Public Library system becomes latest example of growing number refusing to do so

The St. Louis Public Library (SLPL) system has become the latest to recover from a ransomware attack without paying a dime in ransom money, even as a new survey shows that organizations overall continue to be more inclined to pay up than not in a similar situation.

SLPL last Friday was hit with a ransomware attack that disrupted access to some 700 checkout systems and computers used by patrons across all 17 of its libraries.

Instead of trying to negotiate with the attackers, who wanted $35,000 in ransom, library officials immediately contacted the FBI and began work on restoring service using backup systems.

As of Thursday morning, the library has restored circulation service at all of its locations and patrons once again have full access to all reservable computers and printers across the library system, says Jen Hatton, PR manager for SLPL. 

Administrators are still working on restoring access to systems used by staff across the 17 libraries. Meanwhile, all libraries remain open, as does access to SLPL's various databases, she adds.

Hatton did not provide details on the attack itself, citing the ongoing FBI investigation.

In a statement earlier this week, the executive director of SLPL, Waller McGuire, described the attack as very troubling. “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library,” he noted while reiterating his commitment to keep the library’s digital resources open and available to everyone.

For the moment at least, the number of organizations willing to pay a ransom to get their data back continues to outnumber those, like SLPL, who say they won’t.

For instance, 53% of the respondents in a recent survey of 618 individuals in small- and medium-sized organizations that the Ponemon Institute conducted on behalf of Carbonite Inc. said they would be willing to pay a ransom to get their data back.

The remaining 47% said they would never pay a ransom even if it meant losing their data. About 48% said their company had already paid a ransom that averaged $2,500 to get the decryption key to their locked data.

In a similar IBM survey late last year, 60% of over 1,000 professionals from small, medium and large organizations indicated they would be willing to pay a ransom if it meant getting their data back while 70% confessed to having paid between $10,000 and $40,000 to do so.

The slowly shifting attitudes towards ransom payments come amid signs that many companies—especially SMBs—still remain largely conflicted on how to deal with the ransomware threat.

Despite the huge increase in ransomware attacks in recent months for instance, the new Ponemon/Carbonite survey shows that 57% of SMBs continue to labor under the belief they are immune from the threat because of their size.

“We found that many small companies believe they’re too small to be a target,” says Norman Guadagno, senior vice president and chief evangelist at Carbonite. “This mentality makes you a target since you’re not appropriately preparing for such attacks,” he says.

Because they believed they were less of a target, a bare 46% in the survey rated ransomware prevention as a high priority for their organization. “Our research showed that 66 percent of businesses rate the threat of ransomware as very serious, however only 13 percent said their company’s preparedness to prevent ransomware is ‘high,’” Guadagno says. “This preparation gap is alarming and something many businesses need to consider,” he says.

SLPL is among a growing number of publicly known ransomware victims in recent months that have refused to give in to extortion demands from attackers. One example is the San Francisco Municipal Transit Agency (SFMTA), which last November chose to hand out free rides to thousands of commuters over a weekend while systems were restored, rather than pay the demanded $73,000 ransom.

E-Sports Entertainment Association League (ESEA) is another example. Earlier this month, data, including emails and phone numbers, on a reported 1.5 million ESEA users was leaked online after the company refused to pay a ransom of $100,000 to the attackers who had stolen it. “We do not give into extortion and ransom demands and we take the security of customers’ data very seriously,” ESEA had noted at the time.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18913
PUBLISHED: 2019-03-21
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location with...
CVE-2018-20031
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2018-20032
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...
CVE-2018-20034
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2019-3855
PUBLISHED: 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.