Digital extortion by means of ransomware or a systems breach was one of the most prominent threats to consumers and businesses in 2016. It seems IBM Security’s prediction more than materialized this past year.

Ransomware is a generic name for a family of malicious programs designed to lock up endpoints, such as PCs, servers or mobile devices, in various ways. Ransomware encrypts data on the endpoint or revokes access to the endpoint itself, then asks the victim to pay a ransom to regain control of the endpoint. A ransomware attack can affect an individual or organization anywhere in the world.

Ransomware on the Rise

In just the first three months of 2016, U.S. companies shelled out more than $209 million in ransomware payments. That’s a dramatic 771 percent increase from the nearly $24 million companies reportedly spent in all of 2015. Cybercriminals are spreading these threats to a growing number of people and organizations.

According to IBM X-Force, the volume of spam quadrupled in the last 23 months. Even more worrying is the marked increase in ransomware attached to spam, the rate of which is up 6,000 percent. While the average ransomware attachment rate was 0.6 percent in 2015, it has boomed to nearly 40 percent in 2016.

It is no surprise that the FBI and international law enforcement have been issuing alerts about this threat. The FBI estimated that ransomware is on pace to become a $1 billion source of income for cybercriminals by the end of 2016, a number that is expected to continue to rise in 2017. In that regard, Europol recently warned that ransomware is one of the biggest online threats affecting consumers and businesses this year, and it is unlikely to slow down in the foreseeable future.

Critical Data in the Cross Hairs of Ransomware Attacks

What would you do if cybercriminals managed to infect your computer with malware and encrypt all your files? Would you be concerned about saved work? Would you lament the loss of irreplaceable pictures and videos? Would you pay to get them back? If so, how much are you willing to spend? The average fee demanded by ransomware is over $500, but it may cost up to five times that amount.

What if a cybercrime gang breached a company server to steal all your organization’s intellectual property? What if all the computers in the hospital you manage were encrypted and held hostage? Would you pay? Attackers are counting on you to do just that.

To provide a clearer view into the unrelenting losses to ransomware, IBM fielded a U.S.-based consumer and business research study to determine the value employees and business executives place on data, and gauge their awareness and knowledge about ransomware. The results are alarming: The survey showed an overall lack of awareness and preparedness in the face of the rising risk of ransomware.

The Consumer Take

Consumers interviewed about ransomware provided some startling results. The targets of this highly prolific threat are all too often completely unaware of its existence. According to the IBM survey, only 1 in 3 consumers had ever heard of ransomware. Moreover, most were unlikely to take protective measures to avoid ransomware.

When asked about the importance of data, the scenario became more realistic to the respondents. For example, 55 percent of parents would pay to recover precious memories, versus only 39 percent of nonparents. In terms of other files, most respondents balked at the idea of paying a cybercriminal for their data. Many indicated that if they were to consider caving in to fraudsters’ demands, they would not pay more than $100 to recover important data. In reality, however, consumers often end up paying a lot more than they would imagine, since ransomware demands average at least five times that amount.

The Enterprise Take

On the enterprise side, the IBM survey found that most employees are unaware of what ransomware is or how it can affect their company. The survey results showed that both awareness and the perceived willingness to pay to recover data depended on business size and previous experience with similar attacks.

Seventy percent of businesses previously hit by ransomware indicated that they had paid the ransom to recover company data. Of that portion, 50 percent paid over $10,000 and 20 percent paid over $40,000. Furthermore, 60 percent of business executives surveyed believed they would pay to recover data in the future. Depending on the type of data lost, they indicated they would be willing to pay between $20,000 and $50,000 to regain access.

To Pay or Not to Pay?

With ransomware, the question is still: to pay or not to pay? The FBI and other law enforcement agencies have advised victims to avoid paying a ransom. Paying only encourages cybercriminals to continue spreading their malware and raking in cash.

For more statistics and pointed advice to help you minimize the window of opportunity for a ransomware attack, download the full report, “Ransomware: How Consumers and Businesses Value Their Data.”

 
