‘Your money or your data!’ – Most still have never heard of ransomware; while a majority of victims have paid up, IBM says

An ominious countdown clock on a machine infected with ransomware. (Courtesy: IBM)
An ominious countdown clock on a machine infected with ransomware. (Courtesy: IBM)

There’s fresh evidence out Wednesday to show the ransomware epidemic has staying power. Why? Victims are paying ransoms for their data, that’s why.

Madison County, Indiana made headlines last week because it admitted a recent ransomware attack will cost taxpayers there $220,000 — some to the hackers, most for security upgrades.

But Madison County shouldn’t be singled out. Ransomware nightmares  — involving malicious software that encrypts victims’ data and won’t “give it back” unless a fee is paid —  are playing out everywhere.  The Carroll County, Arkansas, sheriff’s department admitted this week it had paid $2,400 to recover data held captive from the its law enforcement management system, which holds reports, bookings and other day-to-day operational data, according to Townhall.com.

The hits keep coming because victims keep paying; and victims keep paying because they seem to have no other choice.  Obviously, criminals keep will keep doing what works.

IBM researchers set out recently to understand the prevalence of ransomware. In a report released Wednesday, IBM’s X-Force said that the volume of spam containing ransomware has skyrocketed.  The FBI claims there were an average of 4,000 attacks per day in the first quarter of 2016.

And yet, IBM found that only 31 percent of consumers had even heard the term “ransomware.” Meanwhile, 75 percent said they “are confident they can protect personal data on a computer they own.”  Meanwhile, 6 out of 10 said they had not taken any action in the past three months to protect themselves from being hacked.

That’s head-in-the-sand stuff, folks. Forward your friends this story now — but don’t include it as an attachment, please.

Meanwhile, companies seem to be more realistic, and more frightened — 56 percent of companies surveyed by the Ponemon Institute said, in a separate study, they are not ready to deal with ransomware. (I have a business partnership with Larry Ponemon at PonemonSullivanReport.com).

All this matters because a majority of consumers and corporations actually say they’d pay to recover data encrypted by a criminal. Some 54 percent said they’d pay up to $100 to get back financial data, and 55 percent said they’d do so to retrieve lost digital photos. Not surprisingly, Parents (71 percent) are much more concerned than non-parents (54 percent) about family digital photos being held for ransom or access blocked.

(Back up those family photos, kids!)

Now, for the meat of the report.  Many corporations told IBM that they had already paid ransom for data — seven in ten of those who have experience with ransomware attacks have done so, with with more than half paying over $10,000, IBM said.  Many paid more.

  • 20 percent paid more than $40,000
  • 25 percent paid $20,000 – $40,000
  • 11 percent paid $10,000 – $20,000

“The perception of the value of data, and the corresponding willingness to pay to retrieve it, increases with company size. Sixty percent of all respondents say their businesses would pay some ransom and they’re most willing to pay for financial (62 percent) and customer/sales records,” the report said.

All this paying up flies in the face of law enforcement’s advice, which is to never pay.

“Paying a ransom doesn’t guarantee an organization that it will get its data back,” said FBI Cyber Division Assistant Director James Trainor in a report earlier this year. “We’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations; it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding.”

Of course, the FBI is looking at the macro impact, while the victims are looking at a huge, immediate micro problem.

How can you protect yourself?  IBM says the main way ransomware arrives is through an unsolicited email with a booby-trapped attachment — usually a Microsoft Office document that asks for macro permissions. So don’t click on those and you’ve gone a long way towards protecting yourself. Here’s some other tips from IBM.

Banish unsolicited email: Sending a poisoned attachment is one of the most popular infection methods used by ransomware operators. Be very discerning when it comes to what attachments you open and what links you click in emails.

No macros: Office document macros have been a top choice for ransomware operators in 2016. Opening a document and that then requires enabling macros to see its content is a very common sign of malware, and macros from email should be disabled altogether.

Update and patch: Always update your operating system, and ideally have automatic updates enabled. Opt to update any software you use often, and delete applications you rarely access.

Protect: Have up-to-date antivirus and malware detection software on your endpoint. Allow scans to run completely, and update the software as needed. Enable the security offered by default through your operating system, like firewall or spyware detection.

Junk it: Instead of unsubscribing from spam emails, which will confirm to your spammer that your address is alive, mark it as junk and set up automatic emptying of the junk folder.

If you’ve read this far, perhaps you’d like to support what I do. That’s easy. Sign up for my free email list, or click on an advertisement, or just share the story.

Don’t miss a post. Sign up for my newsletter

About Bob Sullivan 1637 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.


  1. There is a new Malware called Popcorn Time. If you are infected with Popcorn Time and you cannot pay the ransom, the malware will assist you to infect other computers (say of people you do not like). If two people that you helped get infected pay the ransom, the Malware will let you have your decryption key. I was going to post links to stories on it but you can look it up yourself.

    • Additionally, Popcorn time ‘claims’ to be using the money they collect from the ransom to aide people in Syria but there is no way to verify that and even if that’s the case this isn’t the way to go about getting monetary aide

  2. I’m surprised you didn’t mention the most obvious protection for this type of attack: Have good data backups. They should occur daily at a minimum and more frequently depending on the type of data and the cost of down time. The backups MUST be inaccessible to a user’s computer, otherwise the backups could also get encrypted.

    Also, limit the data that any single user has access to. If a user is a systems admin, they have access to all data. Sys admins should never perform non sys-admin work while using an admin account. My own company (for which I am a sys admin) was hit with ransomware in April. We confidently restored from the previous day’s backup and also quickly isolated the infected system. We lost but one day’s work, which was acceptable to us and much better than paying the ransom.

    Prevention is a good first line of defense but having a backup is more important. FYI, I kept a copy of the infected file to see how long it would take for antivirus to detect it. It took a full week before it was detected, so even up to date AV doesn’t guarantee safety.

    And lastly, please be sure to test the restorability of your backups. You can diligently run backups, but waiting until you need them is a horrible way to discover you can’t restore! Like all emergency procedures, they must be tested from time to time!

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.