Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/14/2016
05:35 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Survey: Majority Of Businesses Would Pay Ransomware Attackers

Nearly 70% of ransomware victims surveyed by IBM said they paid between $10K and $40K to retrieve their data.

A new IBM report on the economics of ransomware should give cybercriminals plenty to cheer about this holiday season.

The report is based on a survey of over 1,000 US adults and 600 business executives from small, medium, and large firms. One in two of the respondents said their organization had been the victim of a ransomware attack in the last year. About 70% of those hit said they paid ransoms ranging from $10,000 to $40,000 to get their data back.

Six out of 10 respondents said they’d be willing to do the same to recover data in a similar situation. Some 25% professed their willingness to shell out between $20,000 and $50,000 if it would help them regain access to locked data like financial and customer data, intellectual property, and business plans. 

Somewhat unsurprisingly given the nature of the data involved, businesses tended to be slightly more willing to pay ransom money than consumers. When consumers were asked how they would respond to a ransomware extortion attempt, one in two said they would be unwilling to pay.

That number, however, dropped slightly when individuals were asked about their willingness to pay to get specific types of data back. For instance, 54% indicated they would give money to get financial data back, while 55% said they’d do the same in situations where personally valuable data like family photos are involved. Parents in general tended to be more willing to accede to a ransom demand compared to those without children.

IBM's findings highlight the success that cybercriminals appear to be having with ransomware and helps explains why the threat has grown so rapidly this year.

A report from Intel Security’s McAfee Labs this week shows that the number of ransomware samples at the end of the third quarter of 2016 totaled around 3.9 million, an 80% increase from the beginning of this year. 

In addition to the sharp increase in volume, ransomware samples also got progressively more sophisticated through the year and exhibited a variety of destructive behaviors including partial and full disk encryption, website encryption and use of exploit kits for delivery, the McAfee report noted.

According to IBM’s X-Force group, which conducted the research, ransomware accounted for a staggering 40% of all spam emails this year. It estimates that criminals are on track to make close to $1 billion this year from ransomware. The estimate is based on an FBI report earlier this year about criminals making nearly $210 million from ransomware in the first quarter.

Limor Kessem, executive security advisor for IBM Security, says some of the survey findings were surprising. The high percentage of business that said they had actually paid when they got attacked, for instance, was unexpected, Kessem says.

“Seventy percent is rather alarming and could be indicative of a very dire need to overhaul incident response,” she says. Equally surprising was the relatively high ransom amounts they paid and their willingness to do so if they had to deal with a ransomware attack.

The massive increase in ransomware-laden spam was also unexpected and points to the growing popularity of the tool among criminals.

“Payment definitely encourages attackers and feeds back into financing their schemes,” she says. Law enforcement has been unanimous in advocating against paying criminals, she notes. So some have chosen alternate routes like reporting ransomware incidents to law enforcement, attempting to resolve the attacks with professional help or negotiating down the ransom amounts.

“Paying is an option that many people have taken. Often, it’s in cases where no other option can be found, but in no way is it encouraged or recommended,” she says.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-2322
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
CVE-2021-20019
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
CVE-2021-21809
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
CVE-2021-34067
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34068
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.