Ransomware became big business for cyber-criminals in 2016 with the malware on pace to bring in a record $1 billion for cyber-criminals this year, according to IBM. One of the reasons for that could be because so many businesses give into their demands—70% of them in fact.
An analysis by IBM X-Force found that out of this 70%, half paid $10,000+, while 20% paid $40,000+.
The survey also showed that 60% of all business executives indicated they’d be willing to pay ransom to recover data. Further, 25% of business executives said, depending upon the data type, they would be willing to pay between $20,000 and $50,000 to get access back to data.
Small businesses remain a ripe target for ransomware. Only 29% of small businesses surveyed have experience with ransomware attacks compared to 57% of medium-size businesses. While cyber-criminals may not view these businesses as offering a big payday, a lack of training on workplace IT security best practices can make them vulnerable. The study found that only 30% of small businesses surveyed offer security training to their employees, compared to 58% of larger companies.
To boot, cyber-criminals have turned ransomware extortion into a volume play, being less selective with their targets and more opportunistic. IBM found that the volume of spam e-mails containing ransomware hit epic proportions in 2016 with a staggering 6,000% increase from 2015.
Put another way, in 2015, .6% of all spam included ransomware, but in 2016 it was in nearly 40% or all spam messages.
Consumers aren’t much better off: IBM found that 55% of parents would pay the ransom to get back personal photos and memories. And 37% of consumers said they would pay over $100 to get data back. The reality is, most ransomware typically fetch $300 or more.
“While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets,” said Limor Kessem, executive security advisor, IBM Security and the report’s author. “The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware. Cyber-criminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security.”