A recent study conducted on behalf of IBM Security has clearly demonstrated why ransomware has proved so popular with cybercriminals. Out of 600 businesses that were surveyed, almost half reported having experienced a ransomware attack. Out of those that had, 70% paid the attackers to supply keys to unlock the encryption.
Ransom demands are typically around $700 per infected device, although the amounts charged can vary considerably. However, the ransom demands issued to businesses are considerably higher than those issued to consumers, mostly because infections spread through networks and result in many devices being encrypted.
The businesses that had paid a ransom to regain access to their data were forced to dig deep. Half of businesses paid more than $10,000 for the keys to unlock their data while 20% of organizations said they had paid more than $40,000.
With so many businesses paying up, and the ransomware payments so large, it is unsurprising that ransomware has proved so popular with cybercriminals. Earlier this year, the FBI estimated that in the first 3 months of 2016 alone cybercriminals had made $209 million from ransomware attacks. As IBM Security pointed out, if you extrapolate those figures the annual income is likely to top $1 billion. Ransomware is big business.
Many businesses have invested heavily in ransomware defenses to protect their computers and servers from attack; however, even state-of-the-art security can all too easily be undone. Employees are still being fooled into installing ransomware by clicking on malicious files attached to emails or clicking on malicious links. Even casual Internet surfing can result in a ransomware infection via a drive-by download or exploit kit.
Ransomware is also evolving. Ransomware can now spread from a single machine through an entire network, encrypting huge numbers of files and taking hundreds of computers and servers out of action. Even backup files, which should allow businesses to recover their data without paying a ransom, are being encrypted.
The IBM survey showed that for many organizations data loss simply isn’t an option. 60% of surveyed executives said that if they were attacked and could not recover their files they would pay the attackers for the keys to unlock the encryption. While the type of data encrypted did have a bearing on whether a ransom was paid, a quarter of executives said they would pay between $20,000 and $50,000 to recover ransomware-encrypted data, especially if intellectual property, business plans, customer records, or financial records were encrypted.
Even with the threat level at critical, many businesses are slow to take action to neutralize the threat. Only 58% of large organizations provide security awareness training to their staff, and the figure drops to 30% for small businesses.
Unless training improves and security defenses are increased, 2017 looks set to be far worse than 2016 for ransomware infections.