Businesses mostly pay up on ransomware extortion

KraysAn IBM Security report reveals that 70 percent of businesses will pay out if they are hit by Ransomware pay attackers, but there is hope in sight, as IBM’s Resilient Incident Response Platform adds a new Dynamic Playbook to help organisations respond to attacks.

According to a new security study, Biggish Blue is reporting that 70 percent of businesses impacted by ransomware end up paying the ransom.

The 23-page IBM Security study surveyed 600 business leaders and 1,021 consumers in the US, and 46 percent of business respondents reported that they had experienced ransomware in their organisations. Of the 46 percent that have been impacted by ransomware, 70 percent admitted that their organisation paid the ransom.

The amount paid to ransomware attackers varies, but of those business respondents that paid a ransom, 20 percent paid over $40,000, 25 percent paid between $20,000 and $40,000 and 11 percent paid between $10,00 to $20,000.

IBM’s study found that the propensity to pay a ransom varies depending on whether or not the victim is a parent. 55 percent of consumers that identified themselves as being parents said they would pay a ransom to recover access to photos that had been encrypted, versus only 39 percent for consumers that don’t have children.

IBM might be interested in attracting attention to the issue because it has a product it thinks can protect businesses from Ransomware attacks. ┬áIBM’s Resilient Incident Response Platform (IRP) is being enhanced with a new Dynamic Playbook for ransomware.

Ted Julian, Vice President of Product Management and Co-Founder at Resilient, an IBM Company, explained that the basic idea behind the Dynamic Playbooks is to help provide organizations with an automated workflow or ‘playbook’ for how to deal with a particular security incident.

The Resilient platform also enables organisations to run simulations to practice responses to potential attacks. Being prepared and having a plan for how to deal with security incidents is a good way for organisations to help control both the costs and the risks of a potential attack.

“Part of the value is giving organizations a platform to practice incident response, get educated and in doing so, bring order to what would otherwise be a very chaotic process,” Julian said.