Attacks/Breaches
1/26/2017
03:25 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows

St. Louis Public Library system becomes latest example of growing number refusing to do so

The St. Louis Public Library (SLPL) system has become the latest to recover from a ransomware attack without paying a dime in ransom money, even as a new survey shows that organizations overall continue to be more inclined to pay up than not in a similar situation.

SLPL last Friday was hit with a ransomware attack that disrupted access to some 700 checkout systems and computers used by patrons across all 17 of its libraries.

Instead of trying to negotiate with the attackers, who wanted $35,000 in ransom, library officials immediately contacted the FBI and began work on restoring service using backup systems.

As of Thursday morning, the library has restored circulation service at all of its locations and patrons once again have full access to all reservable computers and printers across the library system, says Jen Hatton, PR manager for SLPL. 

Administrators are still working on restoring access to systems used by staff across the 17 libraries. Meanwhile, all libraries remain open, as does access to SLPL's various databases, she adds.

Hatton did not provide details on the attack itself, citing the ongoing FBI investigation.

In a statement earlier this week, the executive director of SLPL, Waller McGuire, described the attack as very troubling. “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library,” he noted while reiterating his commitment to keep the library’s digital resources open and available to everyone.

For the moment at least, the number of organizations willing to pay a ransom to get their data back continues to outnumber those, like SLPL, who say they won’t.

For instance, 53% of the respondents in a recent survey of 618 individuals in small- and medium-sized organizations that the Ponemon Institute conducted on behalf of Carbonite Inc. said they would be willing to pay a ransom to get their data back.

The remaining 47% said they would never pay a ransom even if it meant losing their data. About 48% said their company had already paid a ransom that averaged $2,500 to get the decryption key to their locked data.

In a similar IBM survey late last year, 60% of over 1,000 professionals from small, medium and large organizations indicated they would be willing to pay a ransom if it meant getting their data back while 70% confessed to having paid between $10,000 and $40,000 to do so.

The slowly shifting attitudes towards ransom payments come amid signs that many companies—especially SMBs—still remain largely conflicted on how to deal with the ransomware threat.

Despite the huge increase in ransomware attacks in recent months for instance, the new Ponemon/Carbonite survey shows that 57% of SMBs continue to labor under the belief they are immune from the threat because of their size.

“We found that many small companies believe they’re too small to be a target,” says Norman Guadagno, senior vice president and chief evangelist at Carbonite. “This mentality makes you a target since you’re not appropriately preparing for such attacks,” he says.

Because they believed they were less of a target, a bare 46% in the survey rated ransomware prevention as a high priority for their organization. “Our research showed that 66 percent of businesses rate the threat of ransomware as very serious, however only 13 percent said their company’s preparedness to prevent ransomware is ‘high,’” Guadagno says. “This preparation gap is alarming and something many businesses need to consider,” he says.

SLPL is among a growing number of publicly known ransomware victims in recent months that have refused to give in to extortion demands from attackers. One example is the San Francisco Municipal Transit Agency (SFMTA), which last November chose to hand out free rides to thousands of commuters over a weekend while systems were restored, rather than pay the demanded $73,000 ransom.

E-Sports Entertainment Association League (ESEA) is another example. Earlier this month, data, including emails and phone numbers, on a reported 1.5 million ESEA users was leaked online after the company refused to pay a ransom of $100,000 to the attackers who had stolen it. “We do not give into extortion and ransom demands and we take the security of customers’ data very seriously,” ESEA had noted at the time.

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.