Study: 70 Percent of Businesses Hit with Ransomware Paid the Ransom | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Study: 70 Percent of Businesses Hit with Ransomware Paid the Ransom

December 19, 2016
by Heather Landi
| Reprints

An IBM Security study found that seven out of ten businesses infected with ransomware have paid ransom to regain access to business data and systems. However, in comparison, more than 50 percent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data.

The IBM X-Force study, “Ransomware: How Consumers and Businesses Value Their Data” surveyed 600 business leaders and more than 1,000 consumers in the U.S. to determine the value placed on different types of data. The survey was designed with Ketchum Global Research and Analytics, with data collection conducted by Braun Research Inc. for the business audiences and ORC International for the consumer audience.

While over half of consumers surveyed initially indicated they would not pay the ransom, when asked about specific data types, 54 percent indicated they would likely pay to get financial data back.

Also, more than half (55 percent) of parents surveyed would be willing to pay for access to digital family photos vs. 39 percent of respondents without children.

Ransomware was one of the leading cybersecurity threats in 2016 with the FBI estimating cybercriminals, in the first three months of this year, making a reported $209 million. IBM Security projects that cybercriminals are on pace to make nearly $1 billion in 2016 from their use of the malware. In fact, according to IBM X-Force research, ransomware made up nearly 40 percent of all spam e-mails sent in 2016, demonstrating a significant increase in the spread of the extortion tool.

The survey was not healthcare-specific, but the findings of the study indicate ransomware’s success with businesses, as nearly one in two business executives surveyed have experienced ransomware attacks in the workplace. The study found 70 percent of these executives said their company paid to resolve the attack, with half of those paying over $10,000 and 20 percent paying over $40,000.

The IBM Security survey also found that nearly 60 percent of all business executives indicated they would be willing to pay ransom to recover data. The data types they were willing to pay for included financial records, customer records, intellectual property and business plans. Overall, 25 percent of business executives said, depending upon the data type, they would be willing to pay between $20,000 and $50,000 to get access back to data.

“Small businesses remain a ripe target for ransomware. Only 29 percent of small businesses surveyed have experience with ransomware attacks compared to 57 percent of medium size businesses. While cybercriminals may not view these businesses as offering a big payday, a lack of training on workplace IT security best practices can make them vulnerable,” the study authors wrote.

The study also found that only 30 percent of small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.

By contrast, the survey results indicated that one out of two consumers participating in the survey indicated they would be unwilling to pay a hacker to regain access to their data. When presented with specific data types their willingness to pay began to increase. For example, 54 percent of participants would be willing to pay for financial data and 43 percent were willing to pay for access back to their mobile device.

“While consumers and businesses have different experiences with ransomware, cybercriminals have no boundaries when it comes to their targets,” Limor Kessem, executive security advisor, IBM Security and the report’s author, said in a statement. “The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware. Cybercriminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security.” 

The IBM Security report also outlined a number of recommendations for businesses to defend against ransomware. For example, the report authors note business should be vigilant about malware. “If an email looks too good to be true, it probably is. Be cautious when opening attachments and clicking links,” the report authors wrote.

The report also recommends that business backup their data. “Plan and maintain regular backup routines. Ensure that backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency,” the report states.

Other recommendations include disabling macros, as document macros have been a common infection vector for ransomware in 2016. Macros from email and documents should be disabled by default to avoid infection. And, organizations are advised to “patch and purge,” by maintaining regular software updates for all devices, including operating systems and apps.

The FBI and other law enforcement agencies advise victims to avoid paying a ransom to cybercriminals. And, it’s recommended that organizations report a cybercrime, including becoming the victim of ransomware to the appropriate authorities.

 

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Senate Republicans Release Draft of Health Care Bill

On Thursday, Senate Republican leaders, who have promised to repeal former President Barack Obama’s healthcare legislation for seven years, moved forward on that goal with the release of a draft of their plan to repeal and replace the Affordable Care Act, which they expect to vote on next week.

Vermont HIE Implements IT Solution for Improved Data Quality

Vermont Information Technology Leaders (VITL), the operator of the Vermont Health Information Exchange, has announced the implementation of a data managing and synthesizing platform in an effort to expand its IT capabilities.

Survey: 75 Percent of CIOs Concerned About Incomplete, Inaccurate Medication Data

Despite multidisciplinary efforts to improve medication reconciliation, hospital CIOs still report unsatisfactory results, with three out of four concerned that their organization’s medication history data is incomplete or inaccurate, according to a new survey conducted by the CHIME Foundation.

Michigan Plans to Link State PDMP with Provider EHRs

The State of Michigan is directly adding the Michigan Automated Prescription System (MAPS) into the electronic health records (EHRs) and pharmacy management systems of hospitals, physician groups and pharmacies across the state.

Teladoc to Acquire Medical Consultation Company in $440M Deal

Telehealth company Teladoc has announced that it has acquired medical consultation firm Best Doctors for a deal totaling $440 million in cash and stock.

Study: Digital Health Coaching App Improves Weight Loss, Blood Pressure Management

A digital health app and 1-to-1 coaching platform can help patients lose weight and reduce blood pressure, according to a new study published in the June issue of the Journal of Medical Internet Research.