Ransomware is continuing to find victims, and quite a few are deciding to pay, researchers said.
Since the beginning of 2016, ransomware has gone from a relatively exclusive category of malware utility to a mainstream destructive tool used in phishing attacks against individuals and companies alike, said researchers at Trustlook.
Ransomware is now so abundant it cost businesses $1 billion in 2016, according to a new report. Moreover, ransomware has been identified by the Department of Justice (DoJ) as the “biggest cyberthreat” of 2017.
While it’s true attackers may have more to gain from large organizations, researchers said they see consumers, with their lack of sophistication in security, as lower-hanging fruit. Because consumers usually have fewer information security resources than large organizations, breaches are far easier to achieve and are more likely to have a meaningful impact, and thus are more likely to result in a payment.
Most users are completely unaware of the threat posed by ransomware attacks and are not prepared to handle them. Trustlook’s research found that this apathy and lack of awareness are resulting in insufficient action to protect devices and data. Almost half of consumers (48 percent) are not worried about becoming a victim of a ransomware attack, and only 7 percent of non-impacted consumers said they would pay the ransom if they were hacked.
The following are some facts from the Trustlook survey:
• 17 percent of consumers have been infected with ransomware
• 38 percent of affected consumers paid the ransom
• $100-$500 was the dollar range of consumer payouts
• 45 percent of consumers have not heard of ransomware
• 23 percent of consumers do not back up the files on their computer or mobile device
Trustlook has the following advice for consumers who are worried that they might become a victim of ransomware. “Back up your data to multiple devices, and to at least one device that is not connected to a network,” said Allan Zhang, chief executive of Trustlook. “Also, be cautious of emails by checking the sender’s email address before clicking any link.”