Security vendor Bitdefender has reveal that 44% of UK victims have caved in and paid to have their documents recovered with the majority paying up to £400. To make matters worse, despite paying up, 39% of victims accepted that they were probably going to be attacked again in the future.
The survey highlights the problems of paying blackmailers. While they may unlock files for a limited amount of time, once they know victims will pay there is a greater incentive for them to come back again and again for more money. It is a common enough scenario for police who see this type of criminal behaviour from blackmailers regularly.
Catalin Cosoi, Chief Security Strategist at Bitdefender said: “The ransomware phenomenon has been hitting internet users and generating huge profit for cybercriminals for years. While victims are usually inclined to pay the ransom, we encourage them not to engage in such actions as it only serves to financially support the malware’s developers. Instead, coupling a security solution with minimum online vigilance could help prevent any unwanted ransomware infection.”
Defeating ransomware with backups and proper security tools
One of the reasons so many attacks are successful is because users fail to backup their data to a location that is not connected to their computer. Many users attach a USB drive or create a connection to their cloud drive and assume that once the data is off of their machine they are safe. That is not the case. Ransomware will look for any file storage that is attached to the infected computer. Once it locates the storage it infects that as well.
The most effect backups are those that copy important files to a device that is only connected for the purpose of backup and is then disconnected when the backup is complete. While this doesn’t necessarily mean that the ransomware will not be backed up as well, it does increase the possibility of data recovery and reduces the risk of losing critical data to the blackmailers.
Bitdefender is unsurprised by the numbers of people paying up and believes that 2016 will see ransomware become an even bigger threat than it is today. They are not the only security vendor to see this happening. In November last year IBM X-Force and Symantec both warned of the rising threat from ransomware.
In January Bromium reported that ransomware variants were increasing and there were already Ransomware as a Service (RWaaS) offerings on the Dark Web. These offerings mean that a user can buy an exploit kit and then purchase access to ransomware to embed into their exploit. The use of such kits brings the crafting of exploits containing ransomware within the reach of almost anyone capable of using the Internet.
Unsurprisingly Bitdefender is also using the warning as a sales message around its own anti-ransomware tools. It claims that it can protect against the current wave of ransomware although none of the current malware testing labs are yet specifically analysing ransomware or the efficacy of solutions against it.
There is a serious warning here for security teams inside organisations. Ransomware is on the rise and they need to find tools to protect their users. With so much corporate Intellectual Property on end users computers today there is a serious risk of data loss due to ransomware. More importantly, it is unlikely that users would admit to the problem and are likely to pay to have data recovered rather than admit to their boss that their machine was infected and they don’t have a copy of the data.
The other warning here is that paying blackmailers never solves a problem. Rarely do the blackmailers go away. Instead they can sell on the details of someone who paid including how quickly and how much to other parties. This reduces their risk but substantially increases the risk to the end user.