The current approach to ransomware education is not sticking, with employees and employers alike opting to pay ransoms in record numbers because they do not have a firm grasp of what should be done when attacked, notes new research out of the U.S.
The research shows there is a definite cost – a hefty one – for opting to pay. The average amount paid in ransom among office workers taking part in an online poll in June stands at approximately $1,400, notes a statement Wednesday from Intermedia, a California-based cloud business applications provider.
The finding is just one of many detailed in the second segment of the company’s three-part Data Vulnerability Report. Commissioned by Intermedia and delivered by market research firm Precision Sample, the report explores the security behavioural habits of 1,000-plus office workers and offers guidance on how to handle those habits.
“Even in the face of increasing attacks, there are large gaps in overall awareness of how to handle a ransomware strike,” Jonathan Levine, chief technology officer for Intermedia, says in the statement.
“Employees are willing to go to great lengths to try to get data back, including paying ransoms out of their own pockets, even though 19% of the time the data isn’t released even after the ransom is paid,” Levine points out.
That awareness continues to lag threats is demonstrated by the survey finding that 31% of respondent office workers admit they are not familiar with ransomware.
“This is not for lack of effort among companies, though, with 70% of office workers saying their organization regularly communicates about cyber threats and nearly one-third (30%) saying their organization specifically highlighted the WannaCry ransomware attack as an example,” Intermedia notes.
To get more bang for the education buck, Levine says “organizations need to focus education efforts not just on what ransomware is, but what steps employees should take if they are impacted.”
Though the report indicates education helps with confidence in detecting ransomware, that does not necessarily translate into employees knowing what specifically to do if they fall victim. “As a result, employees hit by ransomware may take actions that could dramatically undermine their organizations’ security efforts — and damage their bottom line,” the statement notes.
Of the polled office workers who have fallen victim to such attacks at work, 59% paid the ransom personally, and 37% reported that their employers paid (this was a multi-select question; the other response options were “No ransom was paid,” 19%, and “Other,” 1%).
In addition, 68% of surveyed owners/executive management affected by such attacks report they personally paid a work-related ransom.
This demonstrates “employees and employers alike don’t feel like there is an alternative to paying the ransom,” Intermedia contends.
Paying the ransom, the findings make clear, will not help solve the problem of ransomware attacks, which are growing increasingly sophisticated. In fact, payments fund the R&D of ransomware and its spread, the company maintains.
“Simply put, the growth in ransomware attacks is fuelled by the people and organizations willing to pay a ransom,” Levine says.
All types and sizes of organizations can be targeted, of course, but Intermedia suggests small and medium-sized businesses (SMEs) may be particularly vulnerable to ransomware attacks because they may not have the resources, tools or training that larger organizations use to recognize, prevent and protect themselves.
“Ransomware can infiltrate and shut down an entire business through just one infected computer,” Levine points out. “More often than not, SMBs feel they are forced to pay a ransom they can’t, but must, afford. And hackers realize this,” he states.
“Regular communication is especially important right now with new malware strains like Bad Rabbit posing as seemingly harmless Adobe Flash updates,” Levine notes.
“There are steps that can be taken to not only prevent these attacks from happening, but also, should one occur, to get the data back without paying the ransom,” Levine suggests. Among other things, Intermedia notes the following:
educated employees can help to contain the infection by closing their computers to get it off the network;
employees need to know about the dangers of dealing with cyber criminals directly; and
organizations should have a continuous back-up product, which can reduce the file restoration process to minutes.
Part 3 of the Data Vulnerability Report will look at the risky data and file-sharing behaviours of office workers, how sensitive information gets passed around, and the significant detriments these behaviours can cause an organization.