Attacks/Breaches

12/14/2016
05:35 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Survey: Majority Of Businesses Would Pay Ransomware Attackers

Nearly 70% of ransomware victims surveyed by IBM said they paid between $10K and $40K to retrieve their data.

A new IBM report on the economics of ransomware should give cybercriminals plenty to cheer about this holiday season.

The report is based on a survey of over 1,000 US adults and 600 business executives from small, medium, and large firms. One in two of the respondents said their organization had been the victim of a ransomware attack in the last year. About 70% of those hit said they paid ransoms ranging from $10,000 to $40,000 to get their data back.

Six out of 10 respondents said they’d be willing to do the same to recover data in a similar situation. Some 25% professed their willingness to shell out between $20,000 and $50,000 if it would help them regain access to locked data like financial and customer data, intellectual property, and business plans. 

Somewhat unsurprisingly given the nature of the data involved, businesses tended to be slightly more willing to pay ransom money than consumers. When consumers were asked how they would respond to a ransomware extortion attempt, one in two said they would be unwilling to pay.

That number, however, dropped slightly when individuals were asked about their willingness to pay to get specific types of data back. For instance, 54% indicated they would give money to get financial data back, while 55% said they’d do the same in situations where personally valuable data like family photos are involved. Parents in general tended to be more willing to accede to a ransom demand compared to those without children.

IBM's findings highlight the success that cybercriminals appear to be having with ransomware and helps explains why the threat has grown so rapidly this year.

A report from Intel Security’s McAfee Labs this week shows that the number of ransomware samples at the end of the third quarter of 2016 totaled around 3.9 million, an 80% increase from the beginning of this year. 

In addition to the sharp increase in volume, ransomware samples also got progressively more sophisticated through the year and exhibited a variety of destructive behaviors including partial and full disk encryption, website encryption and use of exploit kits for delivery, the McAfee report noted.

According to IBM’s X-Force group, which conducted the research, ransomware accounted for a staggering 40% of all spam emails this year. It estimates that criminals are on track to make close to $1 billion this year from ransomware. The estimate is based on an FBI report earlier this year about criminals making nearly $210 million from ransomware in the first quarter.

Limor Kessem, executive security advisor for IBM Security, says some of the survey findings were surprising. The high percentage of business that said they had actually paid when they got attacked, for instance, was unexpected, Kessem says.

“Seventy percent is rather alarming and could be indicative of a very dire need to overhaul incident response,” she says. Equally surprising was the relatively high ransom amounts they paid and their willingness to do so if they had to deal with a ransomware attack.

The massive increase in ransomware-laden spam was also unexpected and points to the growing popularity of the tool among criminals.

“Payment definitely encourages attackers and feeds back into financing their schemes,” she says. Law enforcement has been unanimous in advocating against paying criminals, she notes. So some have chosen alternate routes like reporting ransomware incidents to law enforcement, attempting to resolve the attacks with professional help or negotiating down the ransom amounts.

“Paying is an option that many people have taken. Often, it’s in cases where no other option can be found, but in no way is it encouraged or recommended,” she says.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4043
PUBLISHED: 2018-06-19
SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx.
CVE-2018-11525
PUBLISHED: 2018-06-19
The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
CVE-2018-11526
PUBLISHED: 2018-06-19
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
CVE-2018-11537
PUBLISHED: 2018-06-19
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
CVE-2018-6210
PUBLISHED: 2018-06-19
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.