Endpoint

10/31/2017
08:00 AM
50%
50%

Majority of Employees Hit with Ransomware Personally Make Payment

Office workers pay an average ransom of $1,400, according to a new report.

A whopping 59% of employees who have sustained a ransomware attack at work personally paid the extortion money, according to a report released today by Intermedia.

The 2017 Data Vulnerability Report Part 2, a survey of 1,000 office workers at small-to midsized businesses, also found 68% of business owners and executives personally paid ransom payments. The average ransom paid was approximately $1,400, the study notes.

Potential Payment Drivers

"I think employees pay it because it's fast," speculates Jonathan Levine, Intermedia's CTO. "While everyone is trying to figure out the company's policy on paying ransom, the people still need to get the work done."

He believes most employees do not back up their work, and adds it's not surprising a majority of the workers personally paid the ransom.

But Chris Hornick, president-elect of the Northern California Human Resources Association and CEO of HBSC Strategic Services, has a different view on why employees are willing to shell out hundreds of dollars of their own money.

If an employer learns that company equipment is used for non-work related activities, it could be a fireable offense, Hornick says.

For example, if an employee clicks on a bogus email attachment touting details for a free luxurious vacation to the Bahamas and it results in a ransomware attack, the employee may face termination.

"This could be why employees don't want to disclose it and pay the ransom themselves," Hornick says. "It's a double-edged sword because usually employees know their employer wants them to disclose ransomware attacks."

Workforce Ransomware Education

The survey also reports that 70% of respondents say their employer regularly communicates about cyberthreats, and that 69% are familiar with ransomware. However, given that the majority of office workers still pay the ransom themselves, Levine says it suggests companies have not yet taken the extra step to inform employees what to do if they are attacked by ransomware.

"A lot of the security education is around how not to get hit, versus what to do once you get hit," Levine says, adding, "People are bad when it comes to planning for low-probability events, even catastrophic ones."

Thirty-seven percent of survey respondents note their employers paid the ransom. The Intermedia report advises companies to inform workers about the possible dangers of dealing with ransomware attackers directly.

The report also advises creating an environment where employees realize there is no shame in becoming a ransomware victim, and that personally paying ransom should never be an option.

Related Content:

 

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-17158
PUBLISHED: 2018-05-24
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prag...
CVE-2017-17315
PUBLISHED: 2018-05-24
Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP m...
CVE-2018-5485
PUBLISHED: 2018-05-24
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.
CVE-2018-5487
PUBLISHED: 2018-05-24
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
CVE-2018-7902
PUBLISHED: 2018-05-24
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privile...