There has been a chorus line of vendors in 2016 proclaiming an increase in ransomware threats. IBM is now adding to the mix with a security study released on Dec. 14, reporting that 70 percent of businesses impacted by ransomware end up paying the ransom. IBM is going a step beyond just reporting on ransomware, with a new Dynamic Playbook for Ransomware capabilities in its Resilient Incident Response platform.
The 23-page IBM Security study surveyed 600 business leaders and 1,021 consumers in the U.S. 46 percent of business respondents reported that they had experienced ransomware in their organizations. Of the 46 percent that have been impacted by ransomware, 70 percent admitted that their organization paid the ransom.
The amount paid to ransomware attackers varies, but of those business respondents that paid a ransom, 20 percent paid over $40,000, 25 percent paid between $20,000 and $40,000 and 11 percent paid between $10,00 to $20,000.
On the consumer side, IBM's study found that the propensity to pay a ransom varies depending on whether or not the victim is a parent. 55 percent of consumers that identified themselves as being parents said they would pay a ransom to recover access to photos that had been encrypted, versus only 39 percent for consumers that don't have children.
Other industry research into ransomware has found some similar results. A study released Nov. 18 by security firm SentinelOne reported that 50 percent of organizations have responded to a ransomware campaign. Security firm Kaspersky Lab also reported statistics in November finding that 821,865 Kaspersky users were attacked by some form of ransomware in the third quarter.
A Resilient Playbook for Ransomware
In an effort to help organizations respond quickly to ransomware threats, IBM's Resilient Incident Response Platform (IRP) is being enhanced with a new Dynamic Playbook for ransomware. Ted Julian, Vice President of Product Management and Co-Founder at Resilient, an IBM Company, explained that the basic idea behind the Dynamic Playbooks is to help provide organizations with an automated workflow or 'playbook' for how to deal with a particular security incident.
"There are tasks within the Dynamic Playbook that are conditional and based on how an organization deals with them, that determines what will happen next," Julian told eWEEK.
For example, one of the questions is to evaluate the value of the data that is at risk and if there is a recent backup available. Based on the user responses, the Dynamic Playbook will make a suggestion.
"So if the user says the data is really valuable and they don't have a backup, the user might want to consider paying the ransom to retrieve the data," Julian said.
Resilient also includes all of the various privacy regulation reporting requirements as part of the Dynamic Playbook. Julian noted that if a ransomware attack involved personally identifiable information (PII) than some form of privacy breach disclosure might be necessary. He added that in the event of a breach all of the required privacy reporting tasks are automatically added as part of the Dynamic Playbook.
The Resilient platform also enables organizations to run simulations to practice responses to potential attacks. Being prepared and having a plan for how to deal with security incidents is a good way for organizations to help control both the costs and the risks of a potential attack.
"Part of the value is giving organizations a platform to practice incident response, get educated and in doing so, bring order to what would otherwise be a very chaotic process," Julian said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist