Ransomware hits keep coming—and victims keep paying

Despite advice to the contrary, many cough up cash to retrieve data, perpetuating hack

There’s fresh evidence to show the ransomware epidemic has staying power.

Why? Victims are paying ransoms for their data, that’s why.

Madison County, Indiana, made headlines last week because it admitted a recent ransomware attack will cost taxpayers there $220,000—some to the hackers, most for security upgrades.

But Madison County shouldn’t be singled out. Ransomware nightmares—involving malicious software that encrypts victims’ data and won’t “give it back” unless a fee is paid—are playing out everywhere. The Carroll County, Arkansas, sheriff’s department admitted this week it had paid $2,400 to recover data held captive from its law enforcement management system, which holds reports, bookings and other day-to-day operational information.

The hits keep coming because victims keep paying; and victims keep paying because they seem to have no other choice. Obviously, criminals will keep doing what works.

IBM researchers set out recently to understand the prevalence of ransomware. In a report released Wednesday, IBM’s X-Force said that the volume of spam containing ransomware has skyrocketed. The FBI claims there were an average of 4,000 attacks per day in the first quarter of 2016.

Many unaware of ransomware’s existence

And yet, IBM found that only 31 percent of consumers had even heard the term “ransomware.” Meanwhile, 75 percent said they “are confident they can protect personal data on a computer they own.” At the same time, six out of 10 said they had not taken any action in the past three months to protect themselves from being hacked.

That’s head-in-the-sand stuff, folks. Forward your friends this story now—but don’t include it as an attachment, please.

Meanwhile, companies seem to be more realistic, and more frightened—56 percent of companies surveyed by the Ponemon Institute said, in a separate study, they are not ready to deal with ransomware. (I have a business partnership with Larry Ponemon at PonemonSullivanReport.com).

All this matters because a majority of consumers and corporations actually say they’d pay to recover data encrypted by a criminal. Some 54 percent said they’d pay up to $100 to get back financial data, and 55 percent said they’d do so to retrieve lost digital photos. Not surprisingly, parents (71 percent) are much more concerned than nonparents (54 percent) about family digital photos being held for ransom or access blocked.

Back up those family photos, kids!

Corporations admit already having paid

Now, for the meat of the report: Many corporations told IBM they already had paid ransom for data—seven in 10 of those who have experience with ransomware attacks have done so, with more than half paying over $10,000, IBM said. And many paid more:

20 percent paid more than $40,000

25 percent paid $20,000-$40,000

11 percent paid $10,000-$20,000

“The perception of the value of data, and the corresponding willingness to pay to retrieve it, increases with company size. Sixty percent of all respondents say their businesses would pay some ransom and they’re most willing to pay for financial (62 percent) and customer/sales records,” the report said.

Don’t expect hackers to play by rules

All this paying up flies in the face of law enforcement’s advice, which is to never pay.

“Paying a ransom doesn’t guarantee an organization that it will get its data back,” said FBI Cyber Division Assistant Director James Trainor in a report earlier this year. “We’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding.”

Of course, the FBI is looking at the macro impact, while the victims are looking at a huge, immediate micro problem.

How can you protect yourself? IBM says the main way ransomware arrives is through an unsolicited email with a booby-trapped attachment—usually a Microsoft Office document that asks for macro permissions. So don’t click on those and you’ve gone a long way toward protecting yourself. Here are some other tips from IBM:

Banish unsolicited email: Sending a poisoned attachment is one of the most popular infection methods used by ransomware operators. Be very discerning when it comes to what attachments you open and what links you click in emails.

No macros: Office document macros have been a top choice for ransomware operators in 2016. Opening a document that then requires enabling macros to see its content is a very common sign of malware, and macros from email should be disabled altogether.

Update and patch: Always update your operating system, and ideally have automatic updates enabled. Opt to update any software you use often, and delete applications you rarely access.

Protect: Have up-to-date antivirus and malware detection software on your endpoint. Allow scans to run completely, and update the software as needed. Enable the security offered by default through your operating system, like firewall or spyware detection.

Junk it: Instead of unsubscribing from spam emails, which will confirm to your spammer that your address is alive, mark it as junk and set up automatic emptying of the junk folder.
