Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/26/2017
03:25 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows

St. Louis Public Library system becomes latest example of growing number refusing to do so

The St. Louis Public Library (SLPL) system has become the latest to recover from a ransomware attack without paying a dime in ransom money, even as a new survey shows that organizations overall continue to be more inclined to pay up than not in a similar situation.

SLPL last Friday was hit with a ransomware attack that disrupted access to some 700 checkout systems and computers used by patrons across all 17 of its libraries.

Instead of trying to negotiate with the attackers, who wanted $35,000 in ransom, library officials immediately contacted the FBI and began work on restoring service using backup systems.

As of Thursday morning, the library has restored circulation service at all of its locations and patrons once again have full access to all reservable computers and printers across the library system, says Jen Hatton, PR manager for SLPL. 

Administrators are still working on restoring access to systems used by staff across the 17 libraries. Meanwhile, all libraries remain open, as does access to SLPL's various databases, she adds.

Hatton did not provide details on the attack itself, citing the ongoing FBI investigation.

In a statement earlier this week, the executive director of SLPL, Waller McGuire, described the attack as very troubling. “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library,” he noted while reiterating his commitment to keep the library’s digital resources open and available to everyone.

For the moment at least, the number of organizations willing to pay a ransom to get their data back continues to outnumber those, like SLPL, who say they won’t.

For instance, 53% of the respondents in a recent survey of 618 individuals in small- and medium-sized organizations that the Ponemon Institute conducted on behalf of Carbonite Inc. said they would be willing to pay a ransom to get their data back.

The remaining 47% said they would never pay a ransom even if it meant losing their data. About 48% said their company had already paid a ransom that averaged $2,500 to get the decryption key to their locked data.

In a similar IBM survey late last year, 60% of over 1,000 professionals from small, medium and large organizations indicated they would be willing to pay a ransom if it meant getting their data back while 70% confessed to having paid between $10,000 and $40,000 to do so.

The slowly shifting attitudes towards ransom payments come amid signs that many companies—especially SMBs—still remain largely conflicted on how to deal with the ransomware threat.

Despite the huge increase in ransomware attacks in recent months for instance, the new Ponemon/Carbonite survey shows that 57% of SMBs continue to labor under the belief they are immune from the threat because of their size.

“We found that many small companies believe they’re too small to be a target,” says Norman Guadagno, senior vice president and chief evangelist at Carbonite. “This mentality makes you a target since you’re not appropriately preparing for such attacks,” he says.

Because they believed they were less of a target, a bare 46% in the survey rated ransomware prevention as a high priority for their organization. “Our research showed that 66 percent of businesses rate the threat of ransomware as very serious, however only 13 percent said their company’s preparedness to prevent ransomware is ‘high,’” Guadagno says. “This preparation gap is alarming and something many businesses need to consider,” he says.

SLPL is among a growing number of publicly known ransomware victims in recent months that have refused to give in to extortion demands from attackers. One example is the San Francisco Municipal Transit Agency (SFMTA), which last November chose to hand out free rides to thousands of commuters over a weekend while systems were restored, rather than pay the demanded $73,000 ransom.

E-Sports Entertainment Association League (ESEA) is another example. Earlier this month, data, including emails and phone numbers, on a reported 1.5 million ESEA users was leaked online after the company refused to pay a ransom of $100,000 to the attackers who had stolen it. “We do not give into extortion and ransom demands and we take the security of customers’ data very seriously,” ESEA had noted at the time.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5798
PUBLISHED: 2019-05-23
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-5799
PUBLISHED: 2019-05-23
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5800
PUBLISHED: 2019-05-23
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5801
PUBLISHED: 2019-05-23
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-5802
PUBLISHED: 2019-05-23
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.