Documente Academic
Documente Profesional
Documente Cultură
consumers and
businesses value
their data
Contents Executive overview Whatever your answer, its likely to cost you five
times that amount.
What would you do if today you found out that
Executive overview
1 2 cybercriminals had managed to infect your
What if you are in charge of a company server on
computer with malware that has encrypted all
which all your organizations intellectual property
A brief overview your files? Would you be concerned about saved
gets locked up by a cyber-extortion gang? What if
of ransomware work? Would you lament the loss of pictures
all the computers in the hospital you manage are
and videos from a once-in-a-lifetime trip, or the
encrypted and held hostage by cybercriminals?
Consumers surveyed forever irreplaceable photos from your kids early
about ransomware Will you pay? Attackers are counting on you to do
childhood? Would you pay to get them back, and
just that!
if so, how much are you willing to spend?
Businesses surveyed
about ransomware
Law enforcement
advises: Dont pay!
2
Previous Next
Contents IBM fielded a US-based consumer and business Research and Analytics. Data collection was
research study to determine the value people place conducted by Braun Research Inc. for the business
Executive overview on data and their awareness and knowledge about audience and ORC International for the consumer
1 2 ransomware. The results are alarming. For instance, audience. The survey population includes:
despite high levels of confidence in their ability to
A brief overview protect personal devices, 59 percent of consumer 1,021 US citizens aged 18 and older for
of ransomware
respondents have not taken any action in the past consumer perspective
three months to protect their devices from being 200 small-business executives
Consumers surveyed
about ransomware hacked. The survey, which tallies responses from (<100 employees)
individuals and business executives, provides 200 medium-business executives
Businesses surveyed a clear picture of an overall lack of awareness (101-999 employees)
about ransomware and preparedness in the face of the rising risk of 200 large-business executives
ransomware attack. (1,000+ employees)
Law enforcement
advises: Dont pay! About the research study The margin of error for the study for the total
This report summarizes the results of a 2016 US- business audience is +/- 3.88% at the 95%
What can consumers do to based study fielded by IBM to determine the value confidence level (and +/- 5.5% at the 95%
lower the ransomware risk?
consumers and business executives place on data confidence level for individual company sizes). The
and their awareness and knowledge of ransomware. margin of error for the consumer study is +/- 3.07%
What can businesses do to
The survey was designed with Ketchum Global at the 95% confidence level.
lower the ransomware risk?
3
Previous Next
Contents A brief overview of ransomware Cybercriminals typically use social engineering such
as unsolicited email, or spam, to lure victims into
Ransomware is a family of computer bugs that
Executive overview opening a malicious attachment. The attachment
are programmed to lock up an endpoint, such as
attempts to exploit a vulnerability in productivity
a PC, server, or mobile device, in various ways.
A brief overview software the user likely possesses in order to allow
of ransomware Ransomware revokes access to the endpoint
file execution, in this case ransomware. IBM X-Force
1 2 3 itself, or encrypts data on the endpoint, and then
has seen a quadrupling of spam volume in the
asks the victim to pay a ransom to regain control
last 23 months; even more worrying is the marked
Consumers surveyed of the data or the endpoint. A ransomware attack
increase in ransomware attachment to spam, up
about ransomware can affect an individual or organization anywhere
from an average ransomware attachment rate of
in the world.
Businesses surveyed 0.6% in 2015 to nearly 40% YTD in 2016.
about ransomware
Percent of spam with ransomware attachments
Law enforcement
70%
advises: Dont pay!
60%
What can consumers do to
lower the ransomware risk? 50% The average ransomware attachment
rate in spam rose from an average of
0.6% in 2015 to nearly 40% YTD in 2016.
What can businesses do to 40%
lower the ransomware risk?
30%
10%
About IBM Security
0%
About the author
Fe 15
ar 5
Ap 1 5
ay 5
Ju 015
Ju 1 5
Au 1 5
Se 015
ct 5
ov 5
De 1 5
Ja 15
Fe 16
ar 6
Ap 16
ay 6
Ju 016
Ju 16
Au 16
Se 016
O 016
ov 6
16
1
01
01
1
20
20
20
20
20
20
20
20
20
20
20
20
20
20
r2
l2
2
l2
2
2
r2
2
n
g
n
g
n
ct
n
pt
Ja
O
M
M
M
M
N
N
Figure 1. Source: IBM X-Force, 2016
4
Previous Next
Contents The ransomware code is designed to scan the file Victims all around the globe have been
system on the endpoint and find all the locations receiving on-screen ransom requests averaging
Executive overview where the victim keeps files, including shadow $500USD, demanded most often in the form of
copies and backup files and including network cryptocurrency. Businesses are now seeing larger-
A brief overview repositories and even external drives attached scale ransomware attacks on their servers and
of ransomware to the endpoint. The files are then encrypted and networks, along with demands for 4- to 5-digit
1 2 3
users are prevented from accessing them. ransom payments, all the way up to millions
demanded in some cases.
Consumers surveyed
about ransomware
The key to unlocking the files remains in the
cybercriminals hands until the victim pays a ransom Ransomware attacks have been proliferating and
Businesses surveyed to obtain the key and attempts to restore the files. becoming much more sophisticated. As a result,
about ransomware consumers and businesses alike are losing large
Although ransomware has been increasingly amounts of money to ransomware operators
Law enforcement rampant only since 2014, the concept dates all groups of cybercriminals who emulate legitimate
advises: Dont pay! the way back to 1989, when PC-locking malcode businesses, making them highly efficient and ROI-
was snail-mailed to victims on floppy disks. aware. Europol recently warned that ransomware
What can consumers do to Ransomware has since gained tremendous is one of the biggest online threats affecting
lower the ransomware risk? momentum with improved encryption capabilities consumers and businesses this year. That is
exploited by cybercriminals and the growing use of unlikely to change in the foreseeable future.
What can businesses do to
cryptocurrency like Bitcoin.
lower the ransomware risk?
5
Previous Next
Startlingly, most targets of this highly prolific threat The surveys goal was to map consumers
Businesses surveyed
are completely unaware of its existence. According awareness about ransomware and their ability
about ransomware
to the IBM survey, only one-third (31 percent) of to protect themselves from its potential harm. It
consumers have actually heard of ransomware. provided clear insight. Most people are unaware
Law enforcement
advises: Dont pay! of ransomware. While they are concerned about
The situation is no better on the enterprise side, losing access to their devices or data, they are
What can consumers do to where most employees are unaware of what doing nothing to protect themselvesall while
lower the ransomware risk? ransomware is, or how it can affect the company. being quite confident that they would know how to
Ponemon Institutes 2016 State of Endpoint Report respond if the worst-case scenario were to arise.
What can businesses do to
reveals that 56 percent of companies surveyed
lower the ransomware risk? Big picture: lack of awareness,
said they are not ready to fend off ransomware
unfounded confidence
attacks, and just 38 percent said they have a
Ransomware wont change The results show a lack of awareness about
until we do strategy to deal with destructive software.
ransomware, which may be resulting in little or no
action taken to protect devices and data. More than
About IBM Security
half the consumers interviewed do not take any
proactive measures to protect themselves from this
About the author
type of malware, despite high levels of confidence
in their ability to protect personal devices.
6
Previous Next
7
Previous Next
Contents
Executive overview
A brief overview
of ransomware
Consumers surveyed
about ransomware
1 2 3 4 5 6
Businesses surveyed
about ransomware
Law enforcement
advises: Dont pay!
What can consumers do to Figure 2. The Jigsaw ransomwares instructions to victims on paying ASAP
lower the ransomware risk?
Locks access to the device itself: Locks a mobile device and potentially
What can businesses do to
lower the ransomware risk? Ransomware can lock access to the device by replicates into a paired smart device, like a smart
infecting the master boot record (MBR). The watch, thereby locking it as well.
Ransomware wont change victim can no longer reboot their machine or
until we do access the computer until they pay a ransom
to have it unlocked. For example, the Petya
About IBM Security ransomware overwrites the computers MBR to
achieve this type of restriction.
About the author
8
Previous Next
Contents Most meaningful data: the consumers take Parents (71 percent) are much more concerned
When asked How important are your health than non-parents (54 percent) about family digital
Executive overview records? How about family photos and personal photos being held for ransom or access blocked.
data? it turned out that data was not as important
A brief overview The incident response factor
to consumers as one might think. The IBM study
of ransomware
has found that: Who would consumers call to report being infected
Consumers surveyed by a ransomware attack? The FBI urges victims to
about ransomware Over half the consumer respondents would report infections to federal law enforcementno
1 2 3 4 5 6 forfeit their health records and family pictures matter the outcomeso it can understand the
to avoid paying to get them back. The one total loss and associate criminal activity to broader
Businesses surveyed exception is financial data, for which 54 percent victim trends.
about ransomware
of respondents would pay.
Millennials, however, valued their data more Who individuals call firstthe incident response
Law enforcement
advises: Dont pay! highly than the overall average. On average, factorvaries greatly, from family and friends
half of them were willing to pay for the return on to the device vendors from whom the endpoint
What can consumers do to various types of data. was bought:
lower the ransomware risk? Most consumers have not experienced a
hacking case, but would be most concerned Consumers are extremely likely (88 percent on
What can businesses do to about online passwords and financial average) to turn to another person if personal,
lower the ransomware risk? information being compromised. Parents would work or school data is stolen from one of
be particularly concerned about digital photos. their devices.
Ransomware wont change A majority of consumers (68 percent) do not have Friends and family members consistently rank
until we do among the top two go-to sources, with police
personal experience with a data attack or know
anyone who has. Consumers would be most topping the list in the case of a home computer
About IBM Security
concerned if their online account passwords (79 (25 percent) but less likely for other devices.
percent), financial information (79 percent), and Consumers are more likely to go to a local
About the author
personal computer access (78 percent) were electronic store if their smart TV gets locked up
held for ransom or access was blocked. by malware (24 percent).
9
Previous Next
Contents Consumer attitudes toward paying to when presented with a hypothetical ransomware
recover data demand. For example, while each type of
Executive overview When it comes to paying for lost data, statistics ransomware is different, CryptoLockers operators
from IBMs ransomware study found that 54 boasted a 41 percent success ratemeaning that
A brief overview percent of consumers say they would pay up to more than one in three victims ended up paying
of ransomware
$100 to get their financial data back, with 55 percent the ransom, according to a survey by the University
Consumers surveyed of parents saying they would open their wallets to of Kent in the UK. According to various estimates,
about ransomware retrieve their precious memories (digital photos), criminals using CryptoLocker are believed to have
1 2 3 4 5 6 while only 39 percent of non-parents would pay. stolen between $3 million and $27 million. In another
staggering example, criminals using the CryptoWall
Businesses surveyed The typical ransom demanded by cybercriminals ransomware stole an estimated $325 million in illicit
about ransomware ransom payments from hundreds of thousands of
is between $200 and $10,000, so while consumers
report themselves willing to pay a relatively small victims across the globe.
Law enforcement
advises: Dont pay!
amount of cash for data, in realitywhen faced
with their data disappearingthey are likely to pay In payment demands, according to IBM X-Force,
much more for it. Bitcoin is the top and most popular payment
What can consumers do to
lower the ransomware risk? method linked with ransomware attacks, being the
Information gathered on cybercriminals illicit profits choice of cybercriminals thanks to the anonymity
What can businesses do to supports the fact people do end up paying, and it offers and the difficulty of tracing transactions to
lower the ransomware risk? pay much more than they reportedly would pay their actual recipient.
About the author More than one in three victims of ransomware pay the
ransom, which can range from $200 to $10,000.
10
Previous Next
Contents It is worth noting here that often consumers are not If you believe youve been the victim of a
familiar with Bitcoin and may opt to lose their data if ransomware scheme or other cyber fraud activity,
Executive overview they do not understand how to make the payment, it is recommended that you report it to the FBIs
even if they are initially inclined to pay. Even Internet Crime Complaint Center. The FBI has also
A brief overview more notable is the fact that some ransomware discouraged people from paying the ransom since
of ransomware
operators understand this as a factor in non- paying doesnt guarantee the victim will regain
Consumers surveyed payment and therefore provide detailed instructions access to their data.
about ransomware on obtaining Bitcoin or set up customer support
1 2 3 4 5 6 lines to guide the inexperienced (see Figure 3).
Businesses surveyed
about ransomware
Law enforcement
advises: Dont pay!
11
Previous Next
12
Previous Next
Contents Its even more telling that according to this survey, Per the IBM survey, seven in ten of those who
20 percent have paid more than $40,000 for their have experience with ransomware attacks (70
Executive overview data. In the US, hospitals, educational institutions percent) have paid to get data back. Resolution
and utilities have paid amounts that average has come at a hefty price for some, with more
A brief overview $20,600, but those cases are just the few that than half paying over $10,000.
of ransomware
made it to the media. A blog post uncovering sums - 20 percent paid more than $40,000
paid by US companies that were caught in the - 25 percent paid $20,000 $40,000
Consumers surveyed
crosshairs of a ransomware attack reports that - 11 percent paid $10,000 $20,000
about ransomware
victims paid amounts as high as $45,000. Some
Businesses surveyed
were willing to pay even more for advice from the Can paying so much to release the organization
about ransomware very hacker who compromised their servers on from the grip of ransomware be justified?
1 2 3 4 5 6 how to patch and secure them. According to the losses incurred by many
organizations in the wake of sustained ransomware
Law enforcement The IBM study found: attacks, it can be. In a recent survey by SANS, more
advises: Dont pay! than 32 percent of financial firms said they've lost
Experience with ransomware attacks is more anywhere from $100,000 to a half-million dollars
What can consumers do to common among medium and large companies due to ransomware attacks on their organization.
lower the ransomware risk?
(57 percent and 53 percent) than among smaller
companies (29 percent). Common threat scenarios
What can businesses do to
lower the ransomware risk?
Prior experience with a ransomware attack When it comes to business, ransomware extortion
contributes to higher levels of concern about can take different shapes due to the variety of
Ransomware wont change loss of data. For those with prior experience, endpoints on the companys digital infrastructure.
until we do data loss concern is 50 percent, compared to In their attacks on networks, ransomware operators
35 percent for those without prior experience, look for the servers that keep the company running
About IBM Security across all device types, whether company or and encrypt those pivotal resources rather than
employee owned. encrypting endpoints across the entire company.
About the author
13
Previous Next
Contents The point of entry is usually a phishing email with Find and encrypt data and backups on and via
a malicious attachment, sent to an employees company servers:
Executive overview email inbox. In most cases, the attachment is a The Samas ransomware was launched by
Microsoft Office document that will prompt the hackers who studied and targeted specific
A brief overview victim to activate macros. Clicking the macros
of ransomware companies then penetrated their networks
activation button often comes as second nature to with pen-testing tools to ultimately encrypt
users who just want to make the alert at the top of files and backups.
Consumers surveyed
the document disappear. The malware executes
about ransomware In another example, the Bucbi ransomware
as soon as the user allows the macros to run.
was delivered via brute-forced RDP (Remote
Businesses surveyed
Ransomware can also come through any other
Desktop Protocol) accounts on Internet-facing
about ransomware attachment, or via exploit kits that facilitate infection
Windows servers, infiltrated company networks,
1 2 3 4 5 6 without any special action by the user.
and infected employee endpoints, locking files to
prevent access.
Law enforcement Ransomware in an enterprise environment would
advises: Dont pay! typically take the following paths:
Find and exfiltrate data from the organization,
What can consumers do to Encrypt all files on company endpoints, disabling then threaten to publicly release it unless paid.
lower the ransomware risk?
access to networks: Ransomware is a crime like any other. If
Ransomware can scan target enterprise companies shift to restoring data from adequate
What can businesses do to
lower the ransomware risk? endpoints, find the locations where all files are backups and refuse to pay ransom for encrypted
saved, and rapidly encrypt all folders, rendering files, cybercriminals may attempt to shift
Ransomware wont change all data inaccessible. In 2016, a number of tactics and demand payment for not releasing
until we do hospitals in the US fell victim to ransomware stolen data. This cyber extortion technique is
attacks of this type. not a ransomware attack per se, but rather a
About IBM Security targeted attack that demands ransom for seized
Another case involving ransomware affected San
company assets.
Francisco's Municipal Transportation Agency in
About the author
late November 2016, causing its light rail system
to enable free trips on one of the busiest days of
the year, Black Friday.
14
Previous Next
Contents Businesses rely on data to be available on The real pain point? Protecting employee-owned
demand, and ransomware attacks can easily devices used for work (BYOD, or bring your
Executive overview disrupt operations, temporarily or permanently own device), such as tablets and smartphones.
restrict access to data, corrupt or cause loss Leaders are most afraid those devices will be
A brief overview of data, and inflict monetary and reputational hacked, thereby putting the organization at risk:
of ransomware
damage on the organization. An example of a case
where ransomware caused immediate impact to Business executives are less confident in their
Consumers surveyed
operations was the hack of the San Francisco organizations ability to protect data on personal
about ransomware
light rail transit system where an opportunistic BYOD devices used for work versus company
Businesses surveyed
ransomware operator disabled the rails agents owned devices.
about ransomware endpoints, taking them offline for an entire day. They place higher confidence in the ability to
1 2 3 4 5 6 The SFMTA recovered from the ransomware protect company owned devices (83 percent
attack by using its own backups and never versus 70 percent average confidence for BYOD
Law enforcement paid the cybercriminal. personal devices).
advises: Dont pay! Personal computers are the device business
Most meaningful data: the business take executives most fear getting hacked, with about
What can consumers do to Two-thirds of business respondents in the IBM half feeling this way (48 percent). Others were
lower the ransomware risk?
ransomware survey are generally worried about concerned about BYOD smartphones and
corporate data being compromised by hackers, be company-issued equipment getting hacked.
What can businesses do to
lower the ransomware risk? it via ransomware or other types of attacks, while
being less concerned about a hack actually taking Financial and sales records topped the list of types
Ransomware wont change place on their protected networks. of data for which executives would most likely pay
until we do ransom, although generally there was very little
difference from one type to another.
About IBM Security
15
Previous Next
Contents About 60 percent of respondents indicate that their Not responding and losing the data/access, then
organization would be willing to pay some sort of reimaging affected endpoints; this option entails
Executive overview ransom in order to recover stolen data: considering the possibility of public exposure of
stolen data
A brief overview Financial records 62 percent
of ransomware
Customer and sales records 62 percent Law enforcements recommendation is to avoid
Corporate email system/server 61 percent paying cybercriminals, putting more effort into
Consumers surveyed
Intellectual property 60 percent prevention and lowering the risk of ransomware
about ransomware
Human resource records 60 percent attacks and having a solid business continuity
Businesses surveyed
Corporate cloud system access 60 percent plan in place, including backup, redundancy and
about ransomware Business plans 58 percent remediation capabilities.
1 2 3 4 5 6 R&D plans 58 percent
Source code 58 percent The IBM ransomware survey reveals that while
Law enforcement many companies have taken protective measures,
advises: Dont pay! The incident response factor most know they would benefit from expert
After determining the scope and malware type with consultation on this matter:
What can consumers do to which they have been hit, businesses responding to
lower the ransomware risk?
a ransomware attack have a few options: Sixty-nine percent of respondents stated that
their company has taken action (in the past three
What can businesses do to
lower the ransomware risk? Restoring their data and server configurations months) to protect its electronic data from
from the most recent backup being hacked.
Ransomware wont change Attempting to decrypt the malware themselves, The most useful resources in preventing a hack
until we do which is possible in some cases, but usually are best practices in data security (58 percent)
not an option and security expert consultations (56 percent).
About IBM Security Paying the ransom or entering into negotiation
with the cybercriminals, with or without
About the author police intervention
16
Previous Next
17
Previous Next
Contents Law enforcement advises: As Will Bales, supervisory special agent for the
FBIs Cyber Division, said to the Federal Trade
Executive overview
Dont pay!
Commission (FTC):
With ransomware, the question is still what its
A brief overview always been: to pay, or not to pay? People have to remember that ransomware does
of ransomware
not affect just one person or one business. It will
The FBI and other law enforcement agencies more than likely move on and affect somebody
Consumers surveyed advise victims to avoid paying a ransom. That else. And for those who pay the ransom, it only
about ransomware only encourages cybercriminals to continue encourages [cybercriminals] to extort the
spreading their malware and raking in the cash. next person.
Businesses surveyed According to FBI Cyber Division Assistant Director
about ransomware
James Trainor: The more outspoken law enforcement is about
Law enforcement ransomware, the less organizations are likely to
advises: Dont pay! Paying a ransom doesnt guarantee an pay cybercriminals without a fight. Refusing to pay
organization that it will get its data backweve cybercriminals is the only way to reduce the allure
What can consumers do to seen cases where organizations never got a of ransomware, the ROI and the profits that keep
lower the ransomware risk? decryption key after having paid the ransom. this type of crime going now and in the future.
Paying a ransom not only emboldens current
What can businesses do to cybercriminals to target more organizations; it
lower the ransomware risk? also offers an incentive for other criminals to
get involved in this type of illegal activity. And
Ransomware wont change finally, by paying a ransom, an organization
until we do
might inadvertently be funding other illicit activity
associated with criminals.
About IBM Security
18
Previous Next
Contents What can consumers do to lower users knowledge. This is important because any
website, even very reputable ones, can be plagued
Executive overview
the ransomware risk?
by dubious third party ads.
Most cases of ransomware infections begin with
A brief overview unsolicited email that tricks victims into opening Update and patch: Always update your operating
of ransomware a malicious attachment or clicking on a spoofed system, and ideally have automatic updates
URL. If you are not expecting a document, such enabled. Opt to update any software you use often,
Consumers surveyed as an invoice, package tracking link or fax, your and delete applications you rarely access.
about ransomware best bet is to immediately and permanently delete
the unsolicited message and alert your service Protect: Have up-to-date antivirus and malware
Businesses surveyed provider if an email purported to come from them.
about ransomware detection software on your endpoint. Allow scans
to run completely, and update the software as
Banish unsolicited email: Sending a poisoned needed. Enable the security offered by default
Law enforcement
advises: Dont pay! attachment is one of the most popular infection through your operating system, like firewall or
methods used by ransomware operators. Be very spyware detection.
What can consumers do to discerning when it comes to what attachments you
lower the ransomware risk? open and what links you click in emails. Junk it: Instead of unsubscribing from spam
emails, which will confirm to your spammer that
What can businesses do to No macros: Office document macros have been your address is alive, mark it as junk and set up
lower the ransomware risk? a top choice for ransomware operators in 2016. automatic emptying of the junk folder.
Opening a document and that then requires
Ransomware wont change enabling macros to see its content is a very
until we do With threats crossing to the mobile platform,
common sign of malware, and macros from email ransomware has been a growing problem to
should be disabled altogether. Android-based handsets. These tips apply to your
About IBM Security
mobile as well, except unsolicited messages can
No ads: Disable ads in your browser to prevent also come in the shape of SMS messages or
About the author
pop-ups and banners. Those can often deliver fake notifications. To learn more about protecting
exploit kits that in turn scan endpoints for your mobile device visit our online mobile security
vulnerabilities and silently infect them without the tips page.
19
Previous Next
Contents What can businesses do to lower Security software: Have up-to-date antivirus
and malware detection software installed on
Executive overview
the ransomware risk?
employee endpoints. Set up regular scans and
In addition to user education for employees automatic updates for those solutions.
A brief overview to emphasize the consumer tips mentioned, Safer browsing: Disable Internet ads on
of ransomware businesses can also enact formal policies to employee endpoints and modify browser security
address the ransomware risk. settings to restrict unauthorized downloads.
Consumers surveyed
Safer email: Disable Office file macros when
about ransomware Awareness: Plan and carry out periodical those are launched through email attachments.
employee awareness campaigns about threats Plan: Creating and maintaining an incident
Businesses surveyed in general and ransomware in particular. Its vital
about ransomware response plan is key to quick recovery from any
for employees to understand their critical role in security incident. Learn more about incident
preventing the success of ransomware attacks. response planning and how to orchestrate
Law enforcement
advises: Dont pay! Hygiene: Have and carefully maintain security the response.
hygiene plans that include operating system
What can consumers do to updates, patching software and updating
lower the ransomware risk? firmware. Consider using a centralized solution
to handle efficient security hygiene routines.
What can businesses do to Backups: Plan and maintain regular backup
lower the ransomware risk? routines. Ensure that backups are secure and
not constantly connected or mapped to the live
Ransomware wont change network. Test backups periodically to verify their
until we do
integrity and usability in case of emergency.
20
Previous Next
Contents Ransomware wont change until For ransomware attacks to subside, what needs
to happen is clear: There must be a substantial
Executive overview
we do
drop in profits, to the point where cybercrime
Ransomware is one of todays most prominent gangs no longer find it lucrative to orchestrate
A brief overview online threats. It has risen 300 percent since 2015 ransomware operations.
of ransomware alone, creating a rising source of illicit gains that is
relatively easy for even lower-skilled cybercriminals The top three factors that will eventually shift the
Consumers surveyed to operate. dial on ransomware are:
about ransomware
Geographic safe havens and the low probability User education and employee awareness
Businesses surveyed of apprehension embolden those who carry
about ransomware Ongoing business continuity planning and
out ransomware attacks. Cybercriminals using regular data backup that is tested and secured
ransomware may fund multiple criminal enterprises, Incident response and disaster
Law enforcement
advises: Dont pay! from cybercrime gangs to organized crime recovery capabilities
networks to terror organizations. Cybercriminal
What can consumers do to enterprises would prefer every ransomware Ultimately, the case of ransomware is like that of an
lower the ransomware risk? attack to result in financial gain, and individual infectious disease before the discovery of penicillin.
cybercriminals believe this will be the case. When the cure is known and properly implemented,
What can businesses do to the bugs successful infection campaigns subside,
lower the ransomware risk? A cybercriminals reputation is at stake from it can no longer cause damage, and eventually,
the moment an enterprise hires the individual. treating it becomes routine.
Ransomware wont change Encountering resistance from a victim, he or she
until we do might shift tactics, perhaps blaming or shaming
the victim into payingtactics that may also serve
About IBM Security to preserve or enhance the criminals reputation
with their peers and employer. This activity should
About the author
be viewed as a lucrative extortion model ultimately
serving criminal enterprise rather than a
single individual.
21
Previous Next
Contents About IBM Security Security, and ThetaRay. With her unique position at
the intersection of multiple research teams at
IBM Security offers one of the most advanced
Executive overview IBM, and her fingers on the pulse of current day
and integrated portfolios of enterprise security
threats, Limor covers the full spectrum of trends
A brief overview products and services. The portfolio, supported
affecting consumers, corporations, and the
of ransomware by world-renowned IBM X-Force research,
industry as a whole.
provides security intelligence to help organizations
Consumers surveyed holistically protect their people, infrastructures,
about ransomware data and applications, offering solutions for identity Contributors
and access management, database security, Kevin Albano, Global Lead for Threat Intelligence,
Businesses surveyed application development, risk management, IBM X-Force Incident Response &
about ransomware endpoint management, network security and more. Intelligence Services
IBM operates one of the worlds broadest security Ketchum Global Research and Analytics
Law enforcement research, development and delivery organizations,
advises: Dont pay!
monitors billions of security events per day in more
than 130 countries, and holds more than 3,500
For more information
What can consumers do to
security patents. To learn more about the IBM Security portfolio,
lower the ransomware risk?
please contact your IBM representative or IBM
Business Partner, or visit:
What can businesses do to About the author
lower the ransomware risk? ibm.com/security
Limor Kessem is one of the top
cyber intelligence experts at For more information on IBM X-ForceForce, visit:
Ransomware wont change
until we do IBM Security. She is a seasoned ibm.com/security/xforce
security advocate, public
About IBM Security speaker, and a regular blogger Follow @IBMSecurity on Twitter or visit the IBM
on the cutting-edge SecurityIntelligence.com blog. Security Intelligence blog
About the author Limor comes to IBM from organizations like RSA
22
Previous Next
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United
Law enforcement States, other countries, or both.
advises: Dont pay!
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all
What can consumers do to offerings are available in every country in which IBM operates.
lower the ransomware risk?
THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
What can businesses do to
PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted
lower the ransomware risk?
according to the terms and conditions of the agreements under which they are provided.
Ransomware wont change Statement of Good Security Practices: IT system security involves protecting systems and information through
until we do prevention, detection and response to improper access from within and outside your enterprise. Improper access
can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse
About IBM Security of your systems, including for use in attacks on others. No IT system or product should be considered completely
secure and no single product, service or security measure can be completely effective in preventing improper use or
access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach,
About the author
which will necessarily involve additional operational procedures, and may require other systems, products or
services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE
IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT
OF ANY PARTY.
WGL03135-USEN-00