Ransomware Steals Billions, Most Workers Paying Out Of Pocket

Dan Gunderman

Ransomware is a real and evolving threat to the enterprise – and even more so in 2017.

A recent data vulnerability report has uncovered just how deadly a ransomware attack can be, despite organizational efforts to educate the work force and mitigate breaches.

Intermedia, a cloud business applications provider, conducted the research, which surveyed more than 1,000 office workers on their security behavior. The eye-opening results show that with each targeted – and profitable – attack on an enterprise, employees still appear quite helpless.

Ransomware, of course, is when a hacker, or their respective group, infects devices and holds sensitive information for ransom, until a sum of money is paid. At this point, either the data or files are returned to the holders, or simply not at all. Another demand for payment could be leveled at the worker or enterprise as a whole.

Troubling Statistics

According to Cybersecurity Ventures, ransomware payments worldwide could exceed the $5 billion mark in 2017. That’s a dramatic increase from 2015 levels – when $325 million was paid to these malicious parasites. The average sum paid into one of these schemes by an office worker stands at $1,400, some of which was contributed out-of-pocket by the victims.

Nearly one-third (31%) of surveyed office workers responded that they were not familiar with ransomware, although 70% of them said their respective organizations circulated frequent information about cyber threats. Delving even further, 30% said their organization even referenced WannaCry as an example of the payment-demanding infection.

See related: Data Breaches Surge 164%, Cost Enterprises $52B In 2017

Unhealthy or impulsive cyber activity could ultimately be a heavy hit on the enterprise – in terms of both revenue and productivity. That’s why it comes as a surprise that, in many cases, there was no step-by-step protocol taken by victims, or a semblance of a contingency plan. In fact, the payment methods were so disparate it warrants mention here. Of the victims in an office setting, 59% paid the ransom personally, while 37% said their employers paid. Even within organizations that attempted to get out ahead of these ransomware threats – by issuing employees information about attacks like WannaCry – 69% of employees still paid the ransom.

Ransomware payers were also not of a particular age group or demographic. In fact, 73% of affected office workers categorized as “Millennials” still paid a ransom. This is an age range long thought of as the most “tech-savvy” to enter the marketplace. What’s more, 68% of owners or executive management personally paid down one of these workplace ransoms, according to the research.

Intermedia’s CTO Jonathan Levine said in the report that, overall, there are gaps in awareness pertaining to ransomware and that employees are willing to go to great lengths to recover the heisted data. Still, 19% of the time, the data is not released after the hackers receive payment. Levine’s advice for remedying the issue comes down to more corporate awareness and efforts to recover data without being coerced into payment. The exponential growth in ransomware, Levine says, stems from the fact that enterprises and individuals are willing to pay into it.

On a more micro level, these attacks are also occurring with some frequency within small and midsize businesses (SMB). This could be because without the layers of resources offered by larger entities, these SMBs are more vulnerable to attack. And once these profit-minded hackers latch on, SMBs might feel as though they have no other option but to pay – even when they can’t afford it.

Threat Defense

On mitigating the issue, there are still a few measures to be taken to armor up or at least contain a ransomware attack. One of the steps includes shutting down a computer to get it off the network. Another option – more incumbent on the company – is reminding workers that just because one is not privy to the latest threat, does not mean payment should be made.

What’s more, backup products could streamline business and recovery efforts – meaning file restoration would not have to be a long, arduous process. If this is an option, the company does not need to fuel the cyber-criminals, nor does it have to worry about hoarded files just to relaunch. It would, however, need to step up its threat defense efforts moving forward.

News of these staggering statistics comes in a year laden with ransomware threats – with big-name breaches like WannaCry and Petya affecting companies’ bottom lines. The newest threat, Bad Rabbit, also has its roots in Russia and was reportedly born from hacked files on one of the nation’s media websites. Bad Rabbit takes on the appearance of an Adobe Flash installer, but ultimately demands $275 from its victims within 40 hours.

Bad Rabbit shares some of the same code as Petya, and encrypts files on an infected computer. If a payment is not made, the Rabbit overrides the Master Boot Record (MBR). Anything on the disk drive is subsequently lost.