There’s fresh evidence out Wednesday to show the ransomware epidemic has staying power. Why? Victims are paying ransoms for their data, that’s why.
Madison County, Indiana made headlines last week because it admitted a recent ransomware attack will cost taxpayers there $220,000 — some to the hackers, most for security upgrades.
But Madison County shouldn’t be singled out. Ransomware nightmares — involving malicious software that encrypts victims’ data and won’t “give it back” unless a fee is paid — are playing out everywhere. The Carroll County, Arkansas, sheriff’s department admitted this week it had paid $2,400 to recover data held captive from its law enforcement management system, which holds reports, bookings and other day-to-day operational data, according to Townhall.com.
The hits keep coming because victims keep paying, and victims keep paying because they seem to have no other choice. Obviously, criminals will keep doing what works.
IBM researchers set out recently to understand the prevalence of ransomware. In a report released Wednesday, IBM’s X-Force said that the volume of spam containing ransomware has skyrocketed. The FBI claims there were an average of 4,000 attacks per day in the first quarter of 2016.
And yet, IBM found that only 31 percent of consumers had even heard the term “ransomware.” Meanwhile, 75 percent said they “are confident they can protect personal data on a computer they own.” And 6 out of 10 said they had not taken any action in the past three months to protect themselves from being hacked.
That’s head-in-the-sand stuff, folks. Forward your friends this story now — but don’t include it as an attachment, please.
Meanwhile, companies seem to be more realistic, and more frightened — 56 percent of companies surveyed by the Ponemon Institute said, in a separate study, they are not ready to deal with ransomware. (I have a business partnership with Larry Ponemon at PonemonSullivanReport.com).
All this matters because a majority of consumers and corporations actually say they’d pay to recover data encrypted by a criminal. Some 54 percent said they’d pay up to $100 to get back financial data, and 55 percent said they’d do so to retrieve lost digital photos. Not surprisingly, parents (71 percent) are much more concerned than non-parents (54 percent) about family digital photos being held for ransom or access blocked.
(Back up those family photos, kids!)
Now, for the meat of the report. Many corporations told IBM that they had already paid ransom for data — seven in ten of those who have experience with ransomware attacks have done so, with more than half paying over $10,000, IBM said. Many paid more.
- 20 percent paid more than $40,000
- 25 percent paid $20,000 – $40,000
- 11 percent paid $10,000 – $20,000
“The perception of the value of data, and the corresponding willingness to pay to retrieve it, increases with company size. Sixty percent of all respondents say their businesses would pay some ransom and they’re most willing to pay for financial (62 percent) and customer/sales records,” the report said.
All this paying up flies in the face of law enforcement’s advice, which is to never pay.
“Paying a ransom doesn’t guarantee an organization that it will get its data back,” said FBI Cyber Division Assistant Director James Trainor in a report earlier this year. “We’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations; it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding.”
Of course, the FBI is looking at the macro impact, while the victims are looking at a huge, immediate micro problem.
How can you protect yourself? IBM says the main way ransomware arrives is through an unsolicited email with a booby-trapped attachment — usually a Microsoft Office document that asks for macro permissions. So don’t open those attachments, and never enable macros when a document asks you to, and you’ve gone a long way towards protecting yourself. Here are some other tips from IBM.
Banish unsolicited email: Sending a poisoned attachment is one of the most popular infection methods used by ransomware operators. Be very discerning when it comes to what attachments you open and what links you click in emails.
No macros: Office document macros have been a top choice for ransomware operators in 2016. Opening a document that then requires enabling macros to see its content is a very common sign of malware, and macros from email should be disabled altogether.
Update and patch: Always update your operating system, and ideally have automatic updates enabled. Opt to update any software you use often, and delete applications you rarely access.
Protect: Have up-to-date antivirus and malware detection software on your endpoint. Allow scans to run completely, and update the software as needed. Enable the security offered by default through your operating system, like firewall or spyware detection.
Junk it: Instead of unsubscribing from spam emails, which will confirm to your spammer that your address is alive, mark them as junk and set up automatic emptying of the junk folder.
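The “no macros” advice above can be enforced on the way in rather than left to the recipient. The script below is an added example, not code from IBM or from this article: it inspects raw attachment bytes and flags Office files that carry a VBA project, so a mail gateway or a user can quarantine a macro-enabled document before anyone is tempted to click “Enable Content.” It relies on two facts about the formats: modern OOXML files (.docx, .docm, .xlsm and friends) are zip packages, and a macro-enabled one stores its code in a vbaProject.bin part registered in [Content_Types].xml with the content type application/vnd.ms-office.vbaProject; legacy OLE2 files (.doc, .xls) start with a fixed eight-byte signature and need a separate OLE parser to be sure, so here they are simply treated as suspect. The sample documents are constructed in memory for the demonstration, and the `triage` policy (quarantine anything with macros, quarantine legacy binaries unless explicitly allowed) is an assumption, not IBM’s recommendation. The check deliberately looks at contents, not file extensions, since an extension is trivially renamed.

```python
import io
import zipfile

# Magic bytes of the two Office container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML .docx/.docm/.xlsm/... (zip package)

# Content type OOXML assigns to an embedded VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def classify_office_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by what they contain, not by file extension.

    Returns one of:
      "macro"         - OOXML package carrying a VBA project
      "no-macro"      - OOXML package with no VBA project part
      "legacy-binary" - OLE2 document; macros possible, needs an OLE parser to be sure
      "not-office"    - not an Office container at all
    """
    if data.startswith(OLE_MAGIC):
        return "legacy-binary"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        # Corrupt zip, or a zip that is not an OOXML package (no content-types part).
        return "not-office"
    # Either signal is enough: the vbaProject.bin part itself, or its content-type override.
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    if has_vba_part or VBA_CONTENT_TYPE in content_types:
        return "macro"
    return "no-macro"


def triage(data: bytes, allow_legacy: bool = False) -> str:
    """Hypothetical gateway policy: quarantine macro documents and (by default) legacy binaries."""
    kind = classify_office_attachment(data)
    if kind == "macro":
        return "quarantine"
    if kind == "legacy-binary" and not allow_legacy:
        return "quarantine"
    return "deliver"


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML package in memory (constructed test data, not a real document)."""
    overrides = ['<Default Extension="xml" ContentType="application/xml"/>']
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real documents carry a compiled VBA project here; a stub is enough for the check.
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
            overrides.append(
                '<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE
            )
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(overrides) + "</Types>")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("macro-enabled document", build_sample_docx(True)),
        ("plain document", build_sample_docx(False)),
        ("legacy .doc", OLE_MAGIC + b"\x00" * 504),
        ("text file", b"hello"),
    ]
    for label, blob in samples:
        print(f"{label:24s} -> {classify_office_attachment(blob):14s} {triage(blob)}")
```

Run stand-alone, the script prints a verdict for each constructed sample; in a real deployment `classify_office_attachment` would be fed each MIME part of an inbound message. The legacy-binary branch is the honest gap: OLE2 files can hold macros too, and deciding that requires parsing the compound file (for example with the olefile/oletools libraries), which is why the default policy here treats them as suspect rather than clean.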