A rather mind-blowing 70% of businesses hit by ransomware paid the hackers to regain access to hijacked systems and files, according to a new IBM X-Force Ransomware report. Of the attacked businesses, 20 percent paid over $40,000 to decrypt their files, while more than half paid more than $10,000.
The IBM study [registration required], “Ransomware: How Consumers and Businesses Value Their Data,” surveyed 600 business leaders and more than 1,000 consumers in the U.S. to determine the value placed on different types of data.
Around 66% of the report’s respondents are generally worried about hackers compromising data, and almost 60 percent of business leaders said they would be willing to pay the ransom to regain access to financial records, intellectual property, business plans and consumer data, the report found. And depending on the data type, they’re willing to pay between $20,000 and $50,000 to get their data back.
FBI: “Not A Good Idea To Pay Up”
Law enforcement agencies like the FBI say that it’s not a good idea to pay the ransom. But unlocking patient records in a healthcare site is crucial to keeping patients safe – so hospitals pay up big time.
IBM researchers determined financial returns on ransomware are expected to grow to over $1 billion for cybercriminals in the next year, which means these types of extortion attempts will continue to expand. Almost 40 percent of spam emails sent in 2016 contained ransomware, and we expect that number to grow.
Small to medium businesses are less prepared for a ransomware attack than larger businesses. And medium to large organizations are more likely to have taken action in the last three months to protect data.
Further, 74 percent of large organizations require employees to regularly change passwords, versus 56 percent of small companies. And only 30 percent of small organizations offer IT security awareness training. OUCH.
“Cybercriminals have no boundaries when it comes to their targets,” Limor Kessem, executive security advisor for IBM Security, said in a statement. “The digitization of memories, financial information and trade secrets requires a renewed vigilance to protect it from extortion schemes like ransomware.”