Businesses paying out regularly to ransomware owners

Limor Kessem, Executive Security Advisor, IBM Security

IBM has released details from a recent study showing that businesses in the US pay out when hit by ransomware. The details are good news for malware creators who will see this as a reason to increase their attacks. 2016 has seen those responsible for creating the software also develop strong distribution networks. Much of this has been done by offering significant royalties per infection. Now it appears those campaigns are beginning to pay off.

Limor Kessem, Executive Security Advisor, IBM Security, said: “While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets. The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware. Cybercriminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security.”

Businesses feeding the ransomware machine

The report demonstrates how unprepared businesses are for ransomware. Rather than improving their security software and user education, businesses commonly pay out. While 60% of executives said they would pay to get data back, it turns out 70% already have. This level of pay-out highlights significant failings in their IT departments.

Underpinning this failing is the type of data that is being paid for. This is often financial records, customer records, intellectual property and business plans, according to the report. All of this is data that should be regularly backed up. Part of that backup process should include security checks to spot malware that is just waiting to be activated.

The amounts being paid by businesses are also increasing. 50% paid more than $10,000 while 20% paid over $40,000. This is a significant amount of money for a lot of businesses. Small businesses are seen as being especially vulnerable as they lack security and IT skills. It is also expensive for many of them to educate their staff.

Another problem with paying out is that attackers will often see victims as a potential cash cow. Victims' details are regularly traded on the Dark Net. This allows other attackers to infect computers and then ask for money later. Once attacked, companies must sort out their backups and ensure that they disinfect all computers. This has to include any devices owned by their staff and used inside the office.

Where are the security guarantees from vendors?

This is a good question. SentinelOne has recently published research showing that companies want guarantees from security providers. It already provides a guarantee against ransomware which will lead to a pay-out per infected machine that is higher than the ransoms currently demanded.

They are not the only company to do this. Despite being one of the biggest security providers around, IBM does not offer any guarantee to its customers. The SentinelOne report showed 95% of companies based in the US, France and Germany wanted such guarantees. It will be interesting to see if IBM now considers a change to its position on this.

How to deal with ransomware

IBM says that the ransomware industry has grown and is now worth over $1 billion to cybercriminals. It says that there is no sign that this growth is slowing down. This means that organisations need to prepare to deal with an attack rather than hope it will pass them by. The press release offers four things that can be done:

  1. Be Vigilant: If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links.
  2. Backup Your Data: Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.
  3. Disable Macros: Document macros have been a common infection vector for ransomware in 2016. Macros from email and documents should be disabled by default to avoid infection.
  4. Patch and Purge: Maintain regular software updates for all devices, including operating systems and apps. Update any software you use often and delete applications you rarely access.

IBM has also announced Dynamic Playbooks for Resilient’s Incident Response Platform. These are aimed at helping large enterprises deal with a ransomware attack. What is missing is a cloud-based version for its smaller customers. Perhaps this will come in 2017 as IBM continues to develop its security offerings.


Ransomware is the most effective malware ever developed. While some ransomware owners have shut up shop and given up access codes, others are going strong. International efforts such as the No More Ransom project are offering free solutions to unlock some ransomware. At the moment this is mainly a European effort, although Colombia has recently joined it. Surprisingly, there is no US involvement and IBM are also not yet a partner.

Businesses need to stop funding ransomware but they can only do that if there is an effective solution for them. Perhaps 2017 will see IBM start taking part in other initiatives to help protect its customers. If it doesn’t and the problem continues to grow then it might find customers beginning to look elsewhere for help.

