Share this article on:
Ransomware has grown in popularity over the past two years and 2016 has seen record numbers of attacks on businesses.
Cybercriminals see ransomware as an easy way to make money. Rather than having to infiltrate a system, steal data, and sell those data on the black market – a process that can take months before payment is received – a ransomware infection usually results in quick payment of funds. Payments are typically received within 7 days of infection.
Ransoms are usually charged based on the number of devices that have been infected. Figures from Trend Micro suggest the average ransom demand is for $722 per infected device. The latest ransomware variants such as Locky, Samas, CryptoLocker, Xorist, and CryptorBit are capable of encrypting files on the infected device and shared and network drives and portable storage devices. Infections can rapidly spread throughout a network and many machines can be infected.
The recent ransomware attack on the Madison County, IN saw a ransomware infection spread to 600 computers and 75 servers. Madison Count paid $21,000 for the decryption keys, although an attack on that scale could have been far costlier.
A new study recently published by IBM Security has revealed just how lucrative ransomware is for cybercriminals and how often ransomware payments are made. IBM Security teamed up with Ketchum Global Research and Analytics to develop the survey, which was conducted by Braun Research Inc., and ORC International. In total, 1,621 surveys were completed: 600 on businesses and 1,021 on consumers.
The survey showed that 70% of businesses that have been attacked with ransomware paid the attackers to supply the keys to decrypt their files. Out of the 600 business leaders who were surveyed, almost half said they had already been attacked with ransomware.
More than half of respondents who paid a ransom to enable them to recover their files said the decryption keys cost them more than $10,000, while 20% of respondents said they paid more than $40,000.
60% of executives said they would pay to recover their data in the event of a ransomware attack and 25% said they would be willing to pay between $20,000 and $50,000. Executives said they would be more likely to pay a ransom if customer records, financial information, business plans, and intellectual property were encrypted.
The IBM report suggests ransomware attacks on small businesses are unlikely to yield such high returns as there are fewer computers to infect, but attacks would be much more likely to succeed. Small businesses were less likely to be aware of ransomware and have experience of dealing with infections. They were also less likely to provide their employees with security awareness training.
29% of small businesses said they had experience of ransomware compared to 57% of medium sized enterprises, while 30% of small businesses provided their employees with security awareness training compared to 57% of large businesses.
IBM says ransomware revenues have now exceeded $1 billion and with businesses and consumers willing to pay to recover their files, the attacks will continue. IBM and many security experts predict that the ransomware epidemic will continue to grow in 2017 and that attacks are likely to get more sophisticated. Businesses must therefore prepare and take steps to secure their systems, train their staff to be vigilant, and ensure data are regularly backed up and stored securely.