Digital extortion by means of ransomware or a systems breach was one of the most prominent threats to consumers and businesses in 2016. It seems IBM Security’s prediction more than materialized this past year.

Ransomware is a generic name for a family of malicious programs designed to lock up endpoints, such as PCs, servers or mobile devices, in various ways. Ransomware encrypts data on the endpoint or revokes access to the endpoint itself, then asks the victim to pay a ransom to regain control of the endpoint. A ransomware attack can affect an individual or organization anywhere in the world.

Ransomware on the Rise

In just the first three months of 2016, U.S. companies shelled out more than $209 million in ransomware payments. That’s a dramatic 771 percent increase from the nearly $24 million companies reportedly spent in all of 2015. Cybercriminals are spreading these threats to a growing number of people and organizations.

According to IBM X-Force, the volume of spam quadrupled in the last 23 months. Even more worrying is the marked increase in ransomware attached to spam, the rate of which is up 6,000 percent. While the average ransomware attachment rate was 0.6 percent in 2015, it has boomed to nearly 40 percent in 2016.

It is no surprise that the FBI and international law enforcement have been issuing alerts about this threat. The FBI estimated that ransomware is on pace to become a $1 billion source of income for cybercriminals by the end of 2016, a number that is expected to continue to rise in 2017. In that regard, Europol recently warned that ransomware is one of the biggest online threats affecting consumers and businesses this year, and it is unlikely to slow down in the foreseeable future.

Critical Data in the Cross Hairs of Ransomware Attacks

What would you do if cybercriminals managed to infect your computer with malware and encrypt all your files? Would you be concerned about saved work? Would you lament the loss of irreplaceable pictures and videos? Would you pay to get them back? If so, how much are you willing to spend? The average fee demanded by ransomware is over $500, but it may cost up to five times that amount.

What if a cybercrime gang breached a company server to steal all your organization’s intellectual property? What if all the computers in the hospital you manage were encrypted and held hostage? Would you pay? Attackers are counting on you to do just that.

To provide a clearer view into the unrelenting losses to ransomware, IBM fielded a U.S.-based consumer and business research study to determine the value employees and business executives place on data, and gauge their awareness and knowledge about ransomware. The results are alarming: The survey showed an overall lack of awareness and preparedness in the face of the rising risk of ransomware.

The Consumer Take

Consumers interviewed about ransomware provided some startling results. The targets of this highly prolific threat are all too often completely unaware of its existence. According to the IBM survey, only 1 in 3 consumers had ever heard of ransomware. Moreover, most were unlikely to take protective measures to avoid ransomware.

When asked about the importance of data, the scenario became more realistic to the respondents. For example, 55 percent of parents would pay to recover precious memories, versus only 39 percent of nonparents. In terms of other files, most respondents balked at the idea of paying a cybercriminal for their data. Many indicated that if they were to consider caving in to fraudsters’ demands, they would not pay more than $100 to recover important data. In reality, however, consumers often end up paying a lot more than they would imagine, since ransomware demands average at least five times that amount.

The Enterprise Take

On the enterprise side, the IBM survey found that most employees are unaware of what ransomware is or how it can affect their company. The survey results showed that both awareness and the perceived willingness to pay to recover data depended on business size and previous experience with similar attacks.

Seventy percent of businesses previously hit by ransomware indicated that they had paid the ransom to recover company data. Of that portion, 50 percent paid over $10,000 and 20 percent paid over $40,000. Furthermore, 60 percent of business executives surveyed believed they would pay to recover data in the future. Depending on the type of data lost, they indicated they would be willing to pay between $20,000 and $50,000 to regain access.

To Pay or Not to Pay?

With ransomware, the question is still whether to pay or not to pay. The FBI and other law enforcement agencies have advised victims to avoid paying a ransom. Paying only encourages cybercriminals to continue spreading their malware and raking in cash.

For more statistics and pointed advice to help you minimize the window of opportunity for a ransomware attack, download the full report, “Ransomware: How Consumers and Businesses Value Their Data.”

