IBM’s data shows that 40 percent of all spam sent in 2016 was ransomware.
Think consumers are more likely to fall victim to ransomware than businesses? Think again.
A new study from IBM Security found that 70 percent of businesses infected with ransomware have paid money to regain access to business data and systems. In comparison, around 50 percent of consumers surveyed said they would do the same.
For the uninitiated, IBM Security defines ransomware as “an extortion technique used by cybercriminals where data on computers and other devices is encrypted and held for ransom until a specified amount of money is paid.” The firm called it one of the top cybersecurity threats of the year, noting that the FBI estimates cybercriminals made $209 million off ransomware in the first three months of the year alone.
That puts it on pace to be a $1 billion business in 2016. IBM’s data shows that 40 percent of all spam sent this year was ransomware.
The company surveyed 600 business leaders and more than 1,000 consumers to get a better idea of the scope of the issue. On the business side, IBM found that nearly half of all executives surveyed have experienced ransomware attacks in the workplace, with the majority paying up to resolve the attack. This isn’t a cheap fix, either: half of those affected spent more than $10,000 while 20 percent paid more than $40,000.
Reputation and the ability to continue operating likely plays a role. This year, we saw a number of hospitals hit by ransomware attacks that locked systems, for example. Hollywood Presbyterian Hospital in California paid attackers 40 bitcoins (approximately $17,000 at the time) to free its systems from ransomware. A month later, Methodist Hospital in Kentucky became the target of an attack; hackers demanded four bitcoins for a key to unlock the encrypted files.
On the consumer side, IBM found that “cybercriminals are having their best success leveraging ransomware against parents.” Thirty-nine percent of parents surveyed have experienced ransomware, compared to 29 percent of non-parents.
“IBM’s analysis determined that parents are more motivated to pay due to sentimental value and children’s happiness,” the firm said. Fifty-five percent of parents said they would pay to regain access to lost photos, compared to 39 percent of non-parents. People are also more apt to pay up when their financial information is involved, the survey revealed. When it reaches consumers, ransomware typically demands $500 or more, depending on the victim and the amount of time the person waits before paying.