Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/26/2017
03:25 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows

St. Louis Public Library system becomes latest example of growing number refusing to do so

The St. Louis Public Library (SLPL) system has become the latest to recover from a ransomware attack without paying a dime in ransom money, even as a new survey shows that organizations overall continue to be more inclined to pay up than not in a similar situation.

SLPL last Friday was hit with a ransomware attack that disrupted access to some 700 checkout systems and computers used by patrons across all 17 of its libraries.

Instead of trying to negotiate with the attackers, who wanted $35,000 in ransom, library officials immediately contacted the FBI and began work on restoring service using backup systems.

As of Thursday morning, the library has restored circulation service at all of its locations and patrons once again have full access to all reservable computers and printers across the library system, says Jen Hatton, PR manager for SLPL. 

Administrators are still working on restoring access to systems used by staff across the 17 libraries. Meanwhile, all libraries remain open, as does access to SLPL's various databases, she adds.

Hatton did not provide details on the attack itself, citing the ongoing FBI investigation.

In a statement earlier this week, the executive director of SLPL, Waller McGuire, described the attack as very troubling. “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library,” he noted while reiterating his commitment to keep the library’s digital resources open and available to everyone.

For the moment at least, the number of organizations willing to pay a ransom to get their data back continues to outnumber those, like SLPL, who say they won’t.

For instance, 53% of the respondents in a recent survey of 618 individuals in small- and medium-sized organizations that the Ponemon Institute conducted on behalf of Carbonite Inc. said they would be willing to pay a ransom to get their data back.

The remaining 47% said they would never pay a ransom even if it meant losing their data. About 48% said their company had already paid a ransom that averaged $2,500 to get the decryption key to their locked data.

In a similar IBM survey late last year, 60% of over 1,000 professionals from small, medium and large organizations indicated they would be willing to pay a ransom if it meant getting their data back while 70% confessed to having paid between $10,000 and $40,000 to do so.

The slowly shifting attitudes towards ransom payments come amid signs that many companies—especially SMBs—still remain largely conflicted on how to deal with the ransomware threat.

Despite the huge increase in ransomware attacks in recent months for instance, the new Ponemon/Carbonite survey shows that 57% of SMBs continue to labor under the belief they are immune from the threat because of their size.

“We found that many small companies believe they’re too small to be a target,” says Norman Guadagno, senior vice president and chief evangelist at Carbonite. “This mentality makes you a target since you’re not appropriately preparing for such attacks,” he says.

Because they believed they were less of a target, a bare 46% in the survey rated ransomware prevention as a high priority for their organization. “Our research showed that 66 percent of businesses rate the threat of ransomware as very serious, however only 13 percent said their company’s preparedness to prevent ransomware is ‘high,’” Guadagno says. “This preparation gap is alarming and something many businesses need to consider,” he says.

SLPL is among a growing number of publicly known ransomware victims in recent months that have refused to give in to extortion demands from attackers. One example is the San Francisco Municipal Transit Agency (SFMTA), which last November chose to hand out free rides to thousands of commuters over a weekend while systems were restored, rather than pay the demanded $73,000 ransom.

E-Sports Entertainment Association League (ESEA) is another example. Earlier this month, data, including emails and phone numbers, on a reported 1.5 million ESEA users was leaked online after the company refused to pay a ransom of $100,000 to the attackers who had stolen it. “We do not give into extortion and ransom demands and we take the security of customers’ data very seriously,” ESEA had noted at the time.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29040
PUBLISHED: 2021-05-16
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused att...
CVE-2021-29041
PUBLISHED: 2021-05-16
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the othe...
CVE-2021-29047
PUBLISHED: 2021-05-16
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
CVE-2021-22668
PUBLISHED: 2021-05-16
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2021-29039
PUBLISHED: 2021-05-16
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.