Attacks/Breaches

12/14/2016
05:35 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Survey: Majority Of Businesses Would Pay Ransomware Attackers

Nearly 70% of ransomware victims surveyed by IBM said they paid between $10K and $40K to retrieve their data.

A new IBM report on the economics of ransomware should give cybercriminals plenty to cheer about this holiday season.

The report is based on a survey of over 1,000 US adults and 600 business executives from small, medium, and large firms. One in two of the respondents said their organization had been the victim of a ransomware attack in the last year. About 70% of those hit said they paid ransoms ranging from $10,000 to $40,000 to get their data back.

Six out of 10 respondents said they’d be willing to do the same to recover data in a similar situation. Some 25% professed their willingness to shell out between $20,000 and $50,000 if it would help them regain access to locked data like financial and customer data, intellectual property, and business plans. 

Somewhat unsurprisingly given the nature of the data involved, businesses tended to be slightly more willing to pay ransom money than consumers. When consumers were asked how they would respond to a ransomware extortion attempt, one in two said they would be unwilling to pay.

That number, however, dropped slightly when individuals were asked about their willingness to pay to get specific types of data back. For instance, 54% indicated they would give money to get financial data back, while 55% said they’d do the same in situations where personally valuable data like family photos are involved. Parents in general tended to be more willing to accede to a ransom demand compared to those without children.

IBM's findings highlight the success that cybercriminals appear to be having with ransomware and helps explains why the threat has grown so rapidly this year.

A report from Intel Security’s McAfee Labs this week shows that the number of ransomware samples at the end of the third quarter of 2016 totaled around 3.9 million, an 80% increase from the beginning of this year. 

In addition to the sharp increase in volume, ransomware samples also got progressively more sophisticated through the year and exhibited a variety of destructive behaviors including partial and full disk encryption, website encryption and use of exploit kits for delivery, the McAfee report noted.

According to IBM’s X-Force group, which conducted the research, ransomware accounted for a staggering 40% of all spam emails this year. It estimates that criminals are on track to make close to $1 billion this year from ransomware. The estimate is based on an FBI report earlier this year about criminals making nearly $210 million from ransomware in the first quarter.

Limor Kessem, executive security advisor for IBM Security, says some of the survey findings were surprising. The high percentage of business that said they had actually paid when they got attacked, for instance, was unexpected, Kessem says.

“Seventy percent is rather alarming and could be indicative of a very dire need to overhaul incident response,” she says. Equally surprising was the relatively high ransom amounts they paid and their willingness to do so if they had to deal with a ransomware attack.

The massive increase in ransomware-laden spam was also unexpected and points to the growing popularity of the tool among criminals.

“Payment definitely encourages attackers and feeds back into financing their schemes,” she says. Law enforcement has been unanimous in advocating against paying criminals, she notes. So some have chosen alternate routes like reporting ransomware incidents to law enforcement, attempting to resolve the attacks with professional help or negotiating down the ransom amounts.

“Paying is an option that many people have taken. Often, it’s in cases where no other option can be found, but in no way is it encouraged or recommended,” she says.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10016
PUBLISHED: 2019-03-25
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.
CVE-2019-10018
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2019-10019
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
CVE-2019-10020
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
CVE-2019-10021
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.