Ransomware spiked 6,000% in 2016 and most victims paid the hackers, IBM finds
December 15, 2016
Spam emails loaded with ransomware — malware that scrambles data and demands a ransom to decode it — increased 6,000 percent this year compared with 2015, a new study from IBM Security found. Ransomware was in almost 40 percent of all spam messages in 2016.
The problem is, the business model works: 70 percent of business victims paid the hackers to get their data back, the study found. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware is on track to be a $1 billion business in 2016, despite the fact that the FBI recommends victims not pay their attackers but contact law enforcement instead.
In 2016 cybercriminals breached the systems of San Francisco's light rail network — which avoided paying because its systems were backed up — and a Hollywood hospital — which was forced to pay $17,000 in bitcoin to retrieve its data.
Hackers are indiscriminate in choosing their victims, targeting individual consumers as well. Almost 40 percent of consumers would be willing to pay more than $100 to get data back. Most ransomware fetches over $300 per victim, according to IBM.
More than half of parents surveyed by IBM said they would pay the ransom to get back personal photos and memories, and 40 percent of parents said they were worried about hackers hijacking gaming devices.
"The digitization of memories, financial information and trade secrets require a renewed vigilance to protect it from extortion schemes like ransomware," wrote Limor Kessem, executive security advisor at IBM Security. "Cybercriminals are taking advantage of our reliance on devices and digital data creating pressure points that test our willingness to lose precious memories or financial security."