A photo shows staff monitoring the spread of ransomware cyber-attacks at the Korea Internet and Security Agency (KISA) in Seoul More cyberattacks could be in the pipeline after the global havoc caused by the Wannacry ransomware./AFP
A photo shows staff monitoring the spread of ransomware cyber-attacks at the Korea Internet and Security Agency (KISA) in Seoul More cyberattacks could be in the pipeline after the global havoc caused by the Wannacry ransomware./AFP

70% of firms paid ransomware criminals: US study

Corporate May 16, 2017 14:19

By The Nation

2,478 Viewed

IBM Security on Tuesday announced results from a US study that found 70 per cent of businesses infected with ransomware paid a ransom to regain access to business data and systems.



In comparison, over 50 per cent of consumers surveyed said they would not pay to regain access to personal data or devices apart from for access to financial data.

Ransomware is an extortion technique used by cybercriminals where data on computers and other devices is encrypted and held for ransom until a specified amount of money is paid. 

The IBM X-Force study, “Ransomware: How Consumers and Businesses Value Their Data”, surveyed 600 business leaders and more than 1,000 consumers in the US to determine the value placed on different types of data. Some key findings from consumers include:

Ransomware was one of the leading cybersecurity threats in 2016 with the FBI estimating cybercriminals, in the first three months of this year, making a reported $209 million (Bt7.2 billion). 

This would put criminals on pace to make nearly $1 billion in 2016 from their use of the malware. In fact, according to IBM X-Force research, ransomware made up nearly 40 per cent of all spam e-mails sent in 2016, demonstrating a significant increase in the spread of the extortion tool.

Demonstrating ransomware’s success with businesses, nearly one in two business executives surveyed have experienced ransomware attacks in the workplace. The study found 70 per cent of these executives said their company has paid to resolve the attack, with half of those paying over $10,000 and 20 per cent paying over $40,000.

As part of the survey, nearly 60 per cent of all business executives indicated they would be willing to pay ransom to recover data. The data types they were willing to pay for included financial records, customer records, intellectual property and business plans. Overall, 25 per cent of business executives said, depending upon the data type, they would be willing to pay between $20,000 and $50,000 to get access back to data.

Small businesses remain a ripe target for ransomware. Only 29 per cent of small businesses surveyed have experience with ransomware attacks compared to 57 per cent of medium size businesses. While cybercriminals may not view these businesses as offering a big payday, a lack of training on workplace IT security best practices can make them vulnerable. The study found that only 30 per cent of small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.

One out of two consumers participating in the survey indicated they would be unwilling to pay a hacker to regain access to their data. When presented with specific data types their willingness to pay began to increase.

For example, 54 per cent of participants would be willing to pay for financial data and 43 per cent were willing to pay for access back to their mobile device. When asked to put a value on different types of data, 37 per cent of consumers said they would pay over $100 to get data back. For comparison, IBM X-Force typically sees ransomware demanding approximately $500 or higher, depending upon the victim and the time lapse they wait before paying.

Cybercriminals are having their best success leveraging ransomware against parents. In fact, 39 per cent of parents surveyed have experience dealing with ransomware while overall 29 per cent of non-parents indicated some experience.

IBM’s analysis determined that parents are more motivated to pay due to sentimental value and children’s happiness. For example, 71 per cent of parents surveyed were most concerned about their family digital photos and videos being threatened with only 54 per cent of non-parents showing the same concern. Overall, 55 per cent of parents would pay for access back to the photos while only 39 per cent of non-parents would pay.

Access to gaming devices, likely used by children, were also highly ranked by parents as most concerning to them. In fact, it was second to photos and video with 40 per cent of parents reported being worried about losing access to these devices versus 27 per cent of non-parents.

“While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets,” said Limor Kessem, executive security adviser, IBM Security and the report’s author. “The digitsation of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware. Cybercriminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security.”

With the financial returns on ransomware growing north of a $1 billion for cybercriminals, IBM anticipates it and other extortion schemes will continue to grow. Both businesses and consumers can take some steps to help defend themselves from ransomware. IBM X-Force experts recommends the following tips to protect yourself and your business:

1. Be vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.

2. Backup your data: Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.

3. Disable macros: Document macros have been a common infection vector for ransomware in 2016. Macros from email and documents should be disabled by default to avoid infection.

4. Patch and purge: Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access.