Ransomware hits keep coming—and victims keep paying

Despite advice to the contrary, many cough up cash to retrieve data, perpetuating hack


There’s fresh evidence to show the ransomware epidemic has staying power.

Why? Victims are paying ransoms for their data, that’s why.

Madison County, Indiana, made headlines last week because it admitted a recent ransomware attack will cost taxpayers there $220,000—some to the hackers, most for security upgrades.


But Madison County shouldn’t be singled out. Ransomware nightmares—involving malicious software that encrypts victims’ data and won’t “give it back” unless a fee is paid—are playing out everywhere. The Carroll County, Arkansas, sheriff’s department admitted this week it had paid $2,400 to recover data held captive from its law enforcement management system, which holds reports, bookings and other day-to-day operational information.

The hits keep coming because victims keep paying; and victims keep paying because they seem to have no other choice. Obviously, criminals will keep doing what works.

IBM researchers set out recently to understand the prevalence of ransomware. In a report released Wednesday, IBM’s X-Force said that the volume of spam containing ransomware has skyrocketed. The FBI claims there were an average of 4,000 attacks per day in the first quarter of 2016.

Many unaware of ransomware’s existence

And yet, IBM found that only 31 percent of consumers had even heard the term “ransomware.” Meanwhile, 75 percent said they “are confident they can protect personal data on a computer they own,” and six out of 10 said they had not taken any action in the past three months to protect themselves from being hacked.

That’s head-in-the-sand stuff, folks. Forward your friends this story now—but don’t include it as an attachment, please.

Meanwhile, companies seem to be more realistic, and more frightened—56 percent of companies surveyed by the Ponemon Institute said, in a separate study, they are not ready to deal with ransomware. (I have a business partnership with Larry Ponemon at PonemonSullivanReport.com.)

All this matters because a majority of consumers and corporations actually say they’d pay to recover data encrypted by a criminal. Some 54 percent said they’d pay up to $100 to get back financial data, and 55 percent said they’d do so to retrieve lost digital photos. Not surprisingly, parents (71 percent) are much more concerned than nonparents (54 percent) about family digital photos being held for ransom or access blocked.

Back up those family photos, kids!

Corporations admit already having paid

Now, for the meat of the report: Many corporations told IBM they already had paid ransom for data—seven in 10 of those who have experience with ransomware attacks have done so, with more than half paying over $10,000, IBM said. And many paid more:

20 percent paid more than $40,000

25 percent paid $20,000-$40,000

11 percent paid $10,000-$20,000

“The perception of the value of data, and the corresponding willingness to pay to retrieve it, increases with company size. Sixty percent of all respondents say their businesses would pay some ransom and they’re most willing to pay for financial (62 percent) and customer/sales records,” the report said.

Don’t expect hackers to play by rules

All this paying up flies in the face of law enforcement’s advice, which is to never pay.

“Paying a ransom doesn’t guarantee an organization that it will get its data back,” said FBI Cyber Division Assistant Director James Trainor in a report earlier this year. “We’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding.”

Of course, the FBI is looking at the macro impact, while the victims are looking at a huge, immediate micro problem.

How can you protect yourself? IBM says the main way ransomware arrives is through an unsolicited email with a booby-trapped attachment—usually a Microsoft Office document that asks for macro permissions. So don’t click on those and you’ve gone a long way toward protecting yourself. Here are some other tips from IBM:

Banish unsolicited email: Sending a poisoned attachment is one of the most popular infection methods used by ransomware operators. Be very discerning when it comes to what attachments you open and what links you click in emails.

No macros: Office document macros have been a top choice for ransomware operators in 2016. Opening a document that then requires enabling macros to see its content is a very common sign of malware, and macros from email should be disabled altogether.

Update and patch: Always update your operating system, and ideally have automatic updates enabled. Opt to update any software you use often, and delete applications you rarely access.

Protect: Have up-to-date antivirus and malware detection software on your endpoint. Allow scans to run completely, and update the software as needed. Enable the security offered by default through your operating system, like firewall or spyware detection.

Junk it: Instead of unsubscribing from spam emails, which will confirm to your spammer that your address is alive, mark it as junk and set up automatic emptying of the junk folder.
