Attacks/Breaches
12/14/2016
05:35 PM

Survey: Majority Of Businesses Would Pay Ransomware Attackers

Nearly 70% of ransomware victims surveyed by IBM said they paid between $10K and $40K to retrieve their data.

A new IBM report on the economics of ransomware should give cybercriminals plenty to cheer about this holiday season.

The report is based on a survey of over 1,000 US adults and 600 business executives from small, medium, and large firms. One in two of the respondents said their organization had been the victim of a ransomware attack in the last year. About 70% of those hit said they paid ransoms ranging from $10,000 to $40,000 to get their data back.

Six out of 10 respondents said they’d be willing to do the same to recover data in a similar situation. Some 25% professed their willingness to shell out between $20,000 and $50,000 if it would help them regain access to locked data like financial and customer data, intellectual property, and business plans. 

Somewhat unsurprisingly given the nature of the data involved, businesses tended to be slightly more willing to pay ransom money than consumers. When consumers were asked how they would respond to a ransomware extortion attempt, one in two said they would be unwilling to pay.

That number, however, dropped slightly when individuals were asked about their willingness to pay to get specific types of data back. For instance, 54% indicated they would give money to get financial data back, while 55% said they’d do the same in situations where personally valuable data like family photos are involved. Parents in general tended to be more willing to accede to a ransom demand compared to those without children.

IBM's findings highlight the success that cybercriminals appear to be having with ransomware and help explain why the threat has grown so rapidly this year.

A report from Intel Security’s McAfee Labs this week shows that the number of ransomware samples at the end of the third quarter of 2016 totaled around 3.9 million, an 80% increase from the beginning of this year. 

In addition to the sharp increase in volume, ransomware samples also got progressively more sophisticated through the year and exhibited a variety of destructive behaviors including partial and full disk encryption, website encryption and use of exploit kits for delivery, the McAfee report noted.

According to IBM’s X-Force group, which conducted the research, ransomware accounted for a staggering 40% of all spam emails this year. It estimates that criminals are on track to make close to $1 billion this year from ransomware. The estimate is based on an FBI report earlier this year about criminals making nearly $210 million from ransomware in the first quarter.

Limor Kessem, executive security advisor for IBM Security, says some of the survey findings were surprising. The high percentage of businesses that said they had actually paid when they got attacked, for instance, was unexpected, Kessem says.

“Seventy percent is rather alarming and could be indicative of a very dire need to overhaul incident response,” she says. Equally surprising were the relatively high ransom amounts they paid and their willingness to do so if they had to deal with a ransomware attack.

The massive increase in ransomware-laden spam was also unexpected and points to the growing popularity of the tool among criminals.

“Payment definitely encourages attackers and feeds back into financing their schemes,” she says. Law enforcement has been unanimous in advocating against paying criminals, she notes. So some have chosen alternate routes like reporting ransomware incidents to law enforcement, attempting to resolve the attacks with professional help or negotiating down the ransom amounts.

“Paying is an option that many people have taken. Often, it’s in cases where no other option can be found, but in no way is it encouraged or recommended,” she says.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
