Half of Ransomware Victims Pay Criminals’ Demands to Recover Data

A Ponemon Institute report on ransomware revealed 48 percent of businesses surveyed paid a ransom in exchange for getting their data back.

A report on ransomware sheds new light on attacks in 2016, starting with the fact that 48 percent of businesses hit by ransomware said they paid the ransom. That’s in spite of pleas from cyber security experts and the FBI not to do so. Other insights include the average ransom payment was $2,500 with 7 percent of respondents admitting to paying more than $10,000 to get their data back.

The Ponemon Institute study, titled “The Rise of Ransomware” and sponsored by backup company Carbonite, found by far that most ransomware attacks stemmed from phishing and social engineering ploys. Another 30 percent of respondents said they were lured in by insecure or spoofed websites.

“Fifty-eight percent of respondents say negligent employees put their company at risk for a ransomware attack,” the report said.

The study (PDF) was based on 618 respondents comprised mainly of IT contractors, managers and business owners reporting directly to a business CISO. Data culled from these sources suggest ransomware worries will continue well into 2017. Only a quarter of respondents expressed confidence that their current security would protect their company from future ransomware attacks.

“An average of one or more ransomware infections go undetected per month and are able to bypass their organization’s IPS and/or AV systems, according to 44 percent of respondents,” according to the study. Trends such as the growth of Internet of Things and connected devices will increase the threat landscape, they said.

When it comes to the types of ransomware, 80 percent of survey respondents said they were hit by crypto ransomware and 20 percent of respondents say their company experienced locker ransomware, which prevents access to the computer until a ransom is paid. Forty-six percent of victims were given fewer than two days to pay a ransom while 16 percent said attackers placed no time limit on paying the ransom.

Compromised data related to ransomware attacks is also a topic of great concern among its victims. Of those attacked, more than half of victims are fairly sure that data was removed from compromised devices.

Obviously, the loss of confidential data is only one of many ransomware headaches businesses face. Thirty-three percent of respondents said the top true cost of ransomware is having to invest in new security defenses. Another 32 percent said the loss of revenue due to business downtime and also the loss of customers were both the biggest contributors to the economic impact of ransomware.

Much to the disappointment of the FBI, almost half (49 percent) of respondents said there were too afraid of public scrutiny to report ransomware attacks to law enforcement. The FBI has been a loud advocate for ransomware victims to come forward, arguing “a Bitcoin wallet address, transaction data, the hashtag of the malware, or any email correspondence, it can help advance an FBI ransomware investigation.”

Despite those pleas from law enforcement, 17 percent of companies said they didn’t notify the authorities because they didn’t believe the ransom demand was exorbitant. Another 10 percent said they were afraid going to the authorities out of fear it might motivate additional attacks.

The best way to avoid paying a ransom? Backup your data and systems. Of the 52 percent of respondents that said they were hit by a ransomware attack, but didn’t pay the ransom, they cited having a full backup as to why, according to the study.

Suggested articles

enterprise mobility cyberthreats risk management

Mobile Risks Boom in a Post-Perimeter World

The bloom is on mobile, whether it be the enterprise, employees or the cybercriminals plotting new ways to slip past a corporate defenses in a post-parameter world.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.