Ransomware: Why do 70 per cent of businesses pay up?

The vulnerability of a business to cybercrime isn’t a lesson anybody wants to learn the hard way

A type of malware that encrypts computer data until the owner pays a fee for its release, ransomware has been around almost as long as the internet has, with a questionably named trojan made in 1989 serving as the progenitor for more modern and sophisticated variants like CryptoLocker, CryptoWall, and Locky.

It’s not the vintage threat it might appear to be though. According to figures from September 2016, a ransomware attack occurs on U.S. businesses every 40 seconds, for a grand total of around 4,000 a day. A rather more worrying statistic is that between 58 per cent (UK) and 70 per cent (U.S.) of businesses actually pay the ransom, according to figures published on CBR and CNBC respectively.

Operation Tovar

It’s easy to dismiss businesses that give into hackers as either daft or desperate but the ransom serves as a perverse kind of mercy for stricken companies. For example, the owner of a car hire company in Blackburn UK that paid £3,000 to a criminal to unlock 12,000 files described the firm as “thankful” for the opportunity to escape with its files intact.

Source: Pixabay

In a more extreme example, Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to regain access to patient records, prescription services, and other mission critical systems when a criminal encrypted its computer files. The Atlantic reports that three police departments in the U.S. also paid ransoms of up to $750 following a malware attack.

The above stands at odds with official advice from the FBI to avoid paying criminals, but dealing with ransomware is often a case of prevention rather than treatment. Before it was all but eliminated by Operation Tovar, CryptoLocker encrypted a user’s files and stored the only means of releasing them – a “key” – on a private server, making recovery impossible.

For that reason, security solutions that use deception-based ransomware detection, a technique that tricks malware into attacking decoy files, are increasingly popular with businesses of all sizes. Once identified, the technology quarantines infected files and prevents compromised machines from accessing data on a network.


Here’s the strange thing – few if any of the above ransomware attacks were targeted. Ransomware is opportunistic, relying on a user’s curiosity, inexperience, and ignorance to gain a foothold on their computer. In the case of the UK hire firm, MNH Platinum, it was a single mouse click that allowed the hacker to get in – an employee simply opened the wrong email.

Source: Pixabay

Inadequate training, human error, and IT professionals’ inability to communicate the value of online security to colleagues actively creates new opportunities for criminals, allowing ransomware and social engineering tricks like phishing and spear phishing to succeed. A related but far more audacious crime – whaling – serves as a good example of how easy it is to con poorly trained employees.

In January of last year, an Austrian company called FACC Operations lost its entire profit for a year when a criminal masquerading as the company’s CEO managed to persuade an employee to hand over $47 million to cover the costs of a fake project. Fraudsters have also pretended to be the FBI to create trust (or fear) in the target.

Given that only four per cent of businesses are prepared for a ransomware attack and employees are as dangerous as viruses as far as security breaches are concerned, it’s difficult to give hackers any credit for stealing money or encrypting files at all. The fact that Joe in finance would transfer millions to the first person who asked is a difficult concept to swallow, but the vulnerability of a business to cybercrime isn’t a lesson anybody wants to learn the hard way.

The views, opinions and positions expressed by columnists and contributors are the author’s alone. They do not inherently or expressly reflect the views, opinions and/or positions of our publication.

You must be logged in to post a comment Login