Digital extortion by means of ransomware or a systems breach was one of the most prominent threats to consumers and businesses in 2016. It seems IBM Security’s prediction materialized quite excessively this past year.

Ransomware is a generic name for a family of computer bugs programmed to lock up endpoints, such as PCs, servers or mobile devices, in various ways. Ransomware encrypts data on the endpoint or revokes access to the endpoint itself, then asks the victim to pay a ransom to regain control of the endpoint. A ransomware attack can affect an individual or organization anywhere in the world.

Ransomware on the Rise

In just the first three months of 2016, U.S. companies shelled out more than $209 million in ransomware payments. That’s a dramatic 771 percent increase from the nearly $24 million companies reportedly spent in all of 2015. Cybercriminals are spreading these threats to a growing number of people and organizations.

According to IBM X-Force, the volume of spam quadrupled in the last 23 months. Even more worrying is the marked increase in ransomware attached to spam, the rate of which is up 6,000 percent. While the average ransomware attachment rate was 0.6 percent in 2015, it has boomed to nearly 40 percent in 2016.

It is no surprise that the FBI and international law enforcement have been issuing alerts about this threat. The FBI estimated that ransomware is on pace to become a $1 billion source of income for cybercriminals by the end of 2016, a number that is expected to continue to rise in 2017. In that regard, Europol recently warned that ransomware is one of the biggest online threats affecting consumers and businesses this year, and it is unlikely to slow down in the foreseeable future.

Critical Data in the Cross Hairs of Ransomware Attacks

What would you do if cybercriminals managed to infect your computer with malware and encrypt all your files? Would you be concerned about saved work? Would you lament the loss of irreplaceable pictures and videos? Would you pay to get them back? If so, how much are you willing to spend? The average fee demanded by ransomware is over $500, but it may cost up to five times that amount.

What if a cybercrime gang breached a company server to steal all your organization’s intellectual property? What if all the computers in the hospital you manage were encrypted and held hostage? Would you pay? Attackers are counting on you to do just that.

To provide a clearer view into the unrelenting losses to ransomware, IBM fielded a U.S.-based consumer and business research study to determine the value employees and business executives place on data, and gauge their awareness and knowledge about ransomware. The results are alarming: The survey showed an overall lack of awareness and preparedness in the face of the rising risk of ransomware.

The Consumer Take

Consumers interviewed about ransomware provided some startling results. The targets of this highly prolific threat are all too often completely unaware of its existence. According to the IBM survey, only 1 in 3 consumers had ever heard of ransomware. Moreover, most were unlikely to take protective measures to avoid ransomware.

When asked about the importance of data, the scenario became more realistic to the respondents. For example, 55 percent of parents would pay to recover precious memories, versus only 39 percent of nonparents. In terms of other files, most respondents balked at the idea of paying a cybercriminal for their data. Many indicated that if were to consider caving in to fraudsters’ demands, they would not pay more than $100 to recover important data. In reality, however, consumers often end up paying a lot more than they would imagine, since ransomware demands average at least five times that amount.

The Enterprise Take

On the enterprise side, the IBM survey found that most employees are unaware of what ransomware is or how it can affect their company. The survey results showed that both awareness and the perceived willingness to pay to recover data depended on business size and previous experience with similar attacks.

Download the latest ransomware report from IBM X-Force

Seventy percent of businesses previously hit by ransomware indicated that they had paid the ransom to recover company data. Of that portion, 50 percent paid over $10,000 and 20 percent paid over $40,000. Furthermore, 60 percent of business executives surveyed believed they would pay to recover data in the future. Depending on the type of data lost, they indicated they would be willing to pay between $20,000 and $50,000 to regain access.

To Pay or Not to Pay?

With ransomware, the question is still to pay or not to pay? The FBI and other law enforcement agencies have advised victims to avoid paying a ransom. Paying only encourages cybercriminals to continue spreading their malware and raking in cash.

For more statistics and pointed advice to help you minimize the window of opportunity for a ransomware attack, download the full report, “Ransomware: How Consumers and Businesses Value Their Data.”

 

More from X-Force

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - Summary As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed…

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today