Attacks/Breaches
1/26/2017
03:25 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows

St. Louis Public Library system becomes latest example of growing number refusing to do so

The St. Louis Public Library (SLPL) system has become the latest to recover from a ransomware attack without paying a dime in ransom money, even as a new survey shows that organizations overall continue to be more inclined to pay up than not in a similar situation.

SLPL last Friday was hit with a ransomware attack that disrupted access to some 700 checkout systems and computers used by patrons across all 17 of its libraries.

Instead of trying to negotiate with the attackers, who wanted $35,000 in ransom, library officials immediately contacted the FBI and began work on restoring service using backup systems.

As of Thursday morning, the library has restored circulation service at all of its locations and patrons once again have full access to all reservable computers and printers across the library system, says Jen Hatton, PR manager for SLPL. 

Administrators are still working on restoring access to systems used by staff across the 17 libraries. Meanwhile, all libraries remain open, as does access to SLPL's various databases, she adds.

Hatton did not provide details on the attack itself, citing the ongoing FBI investigation.

In a statement earlier this week, the executive director of SLPL, Waller McGuire, described the attack as very troubling. “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library,” he noted while reiterating his commitment to keep the library’s digital resources open and available to everyone.

For the moment at least, the number of organizations willing to pay a ransom to get their data back continues to outnumber those, like SLPL, who say they won’t.

For instance, 53% of the respondents in a recent survey of 618 individuals in small- and medium-sized organizations that the Ponemon Institute conducted on behalf of Carbonite Inc. said they would be willing to pay a ransom to get their data back.

The remaining 47% said they would never pay a ransom even if it meant losing their data. About 48% said their company had already paid a ransom that averaged $2,500 to get the decryption key to their locked data.

In a similar IBM survey late last year, 60% of over 1,000 professionals from small, medium and large organizations indicated they would be willing to pay a ransom if it meant getting their data back while 70% confessed to having paid between $10,000 and $40,000 to do so.

The slowly shifting attitudes towards ransom payments come amid signs that many companies—especially SMBs—still remain largely conflicted on how to deal with the ransomware threat.

Despite the huge increase in ransomware attacks in recent months for instance, the new Ponemon/Carbonite survey shows that 57% of SMBs continue to labor under the belief they are immune from the threat because of their size.

“We found that many small companies believe they’re too small to be a target,” says Norman Guadagno, senior vice president and chief evangelist at Carbonite. “This mentality makes you a target since you’re not appropriately preparing for such attacks,” he says.

Because they believed they were less of a target, a bare 46% in the survey rated ransomware prevention as a high priority for their organization. “Our research showed that 66 percent of businesses rate the threat of ransomware as very serious, however only 13 percent said their company’s preparedness to prevent ransomware is ‘high,’” Guadagno says. “This preparation gap is alarming and something many businesses need to consider,” he says.

SLPL is among a growing number of publicly known ransomware victims in recent months that have refused to give in to extortion demands from attackers. One example is the San Francisco Municipal Transit Agency (SFMTA), which last November chose to hand out free rides to thousands of commuters over a weekend while systems were restored, rather than pay the demanded $73,000 ransom.

E-Sports Entertainment Association League (ESEA) is another example. Earlier this month, data, including emails and phone numbers, on a reported 1.5 million ESEA users was leaked online after the company refused to pay a ransom of $100,000 to the attackers who had stolen it. “We do not give into extortion and ransom demands and we take the security of customers’ data very seriously,” ESEA had noted at the time.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.