1Most Businesses Pay Off Ransomware Attackers, IBM Study Finds
An IBM Security study finds that only a minority of consumers have heard of ransomware and businesses hit by such attacks are willing to pay to get data back.
2Ransomware Attacks Arrive in Spam Emails
Ransomware is typically delivered to victims as an email attachment. Over the course of 2016, IBM X-Force observed a massive increase in the volume of spam emails that contained ransomware attachments, growing to nearly 40 percent in 2016 from 0.6 percent in 2015.
3Most Consumers Don’t Know about Ransomware
Despite media headlines and the high volume or ransomware spam emails, consumer awareness is low. IBM’s survey found that only 31 percent of consumers had ever heard of ransomware.
4Businesses Paying Ransoms to Retrieve Data
While consumers are largely unaware of ransomware, the same cannot be said for businesses. A whopping 70 percent of businesses surveyed by IBM that had been impacted by ransomware ended up paying the ransom.
5Ransomware Payments Vary
The amount paid by victims of ransomware varies, with 50 percent paying $10,000 or more and 20 percent of victims paying more than $40,000.
6Willingness to Pay Ransom Depends on Data Value
When it comes to organizations determining whether a ransom will be paid, IBM found their willingness varies based on the size of the organization and the data at risk. Almost two-thirds (62 percent) of respondents said they would pay a ransom to recover financial, customer or sales records, while 58 percent said they would pay for business plans and source code.
7Parents More Willing to Pay Ransoms
For consumers, a key indicator of whether a ransom will be paid is if the victim is a parent: 55 percent of parents told IBM that they would pay to recover photos and contacts, while only 39 percent of non-parents would do so.
8Bitcoin is the Top Payment Method
While payment amounts can vary, the method of payment is consistent. Most ransomware campaigns require the use of bitcoin payments, which are more difficult for law enforcement to track.