Slashdot Mirror

← Back to Stories (view on slashdot.org)

Most Businesses Pay Ransomware Demands, IBM Finds (eweek.com)

Posted by BeauHD on from the give-into-demands dept.

According to an IBM Security report released on December 14, 70 percent of businesses impacted by ransomware end up paying the attackers. The amount varies but a majority of business respondents said they paid tens of thousands of dollars. eWeek reports: The 23-page IBM Security study surveyed 600 business leaders and 1,021 consumers in the U.S. 46 percent of business respondents reported that they had experienced ransomware in their organizations. Of the 46 percent that have been impacted by ransomware, 70 percent admitted that their organization paid the ransom. The amount paid to ransomware attackers varies, but of those business respondents that paid a ransom, 20 percent paid over $40,000, 25 percent paid between $20,000 and $40,000 and 11 percent paid between $10,00 to $20,000. On the consumer side, IBM's study found that the propensity to pay a ransom varies depending on whether or not the victim is a parent. 55 percent of consumers that identified themselves as being parents said they would pay a ransom to recover access to photos that had been encrypted, versus only 39 percent for consumers that don't have children. In an effort to help organizations respond quickly to ransomware threats, IBM's Resilient Incident Response Platform (IRP) is being enhanced with a new Dynamic Playbook for ransomware. Ted Julian, Vice President of Product Management and Co-Founder at Resilient, an IBM Company, explained that the basic idea behind the Dynamic Playbooks is to help provide organizations with an automated workflow or 'playbook' for how to deal with a particular security incident.

4 of 69 comments (clear)

  1. The unwritten part of the headline... by Anonymous Coward · · Score: 5, Insightful

    Most companies dont have a backup regimen.

    1. Re:The unwritten part of the headline... by mmell · · Score: 4, Interesting
      I worked for one that didn't pay - they had excellent backups and completely mediated the issue in under a week. I also worked for one that did pay . . . unfortunately, all they had was backups of encrypted files, so they didn't feel like they had a choice!

      They paid . . . and immediately implemented more secure and more reliable backups, combined with updating all software (where possible) to latest and greatest available versions. Also, they paperweighted the vast majority of their servers with McAfee's product turned up to "insanely secure" - which is how they discovered that the bad guys had left multiple back doors in place so they could try again. I'll wager they're still trying to make sense of it all.

  2. The one "good" thing about the hijackers by SensitiveMale · · Score: 4, Interesting

    with ransomware is if you pay the ransom, they unlock your data.

    It seems weird to say it is a business, but as long as the criminals don't screw over the victims, the victims know they can pay and not lose anything.

  3. I paid the money by Anonymous Coward · · Score: 4, Funny

    But then I realized that I could have just downloaded the same porn again for free. I asked for my money back and the ransomers said no.