2016 has been a banner year for ransomware cybercriminals. We have seen a dramatic rise in the use of ransomware, and businesses continue to become victims to ransomware, primarily through phishing and spear phishing schemes.
The cybercriminals are getting so brazen, that when they attack a business with ransomware, they actually provide instructions on how to pay the ransom with bitcoin and provide a link.
The problem is that businesses who are victimized continue to pay the criminals as often it is cheaper to pay than to try to get the system back up and running. The FBI continues to urge businesses not to pay, as paying will only provide further incentive to the criminals to continue to prey on victims.
Nonetheless, IBM Security recently released a report that concludes that over 70 percent of companies infected with ransomware pay the ransom to get the decryption key for access to data. Half of the 1,621 companies surveyed said they had already been attacked with ransomware. Of the 70 percent who paid, more than half paid more than $10,000 for the decryption key, while 20 percent paid more than $40,000.
Even more disturbing is the fact that 60 percent of executives said they would pay to recover their data and 25 percent of them said they would pay between $20,000 and $50,000 to recover customer records, financial information, intellectual property and business plans.
Based upon the survey, it does not appear that ransomware is going to go away any time soon. The profit margins and incentives are high for cyber criminals to continue on the same path of attacking businesses with ransomware in 2017.