How educated are we on ransomware?

May 24, 2016

Unlike previous malware trends that have varying purposes, ransomware’s is quite simple: Get Money. With a goal like that spurring on malicious developers, it’s no wonder ransomware’s star is on the rise.

If you’re not entirely sure what ransomware is, you’re not alone — and that’s unfortunate. With ransomware a growing concern, and high-profile attacks on critical organizations including hospitals, schools, and police departments, Kaspersky Lab recently commissioned research firm Opinion Matters to survey more than 5,000 consumers in the United States and Canada to gauge the overall awareness of and concern about ransomware.

Ransomware awareness in North America-featured

The results indicate that consumers are unconcerned about ransomware — perhaps because they are unaware of ransomware’s reach and effects.

Why ransomware matters

Briefly, ransomware is a type of malware. Its twist is using encryption to hold victims’ files — or access to their computers or mobile devices — hostage and demanding money in exchange for their safe return.

Ransomware isn’t new, but ransomware infections have been growing at an alarming rate recently. For example, in the first quarter of 2016, Kaspersky Lab’s software blocked crypto-ransomware attacks on 34,900 devices and detected more than 2,800 mobile ransomware Trojans.

Victims of ransomware are PC and Mac users, mobile device users, and institutions — in short, anyone and everyone.

Last year, Kaspersky Lab predicted that 2016 will see ransomware spread to new frontiers such as the Internet-of-Things — Internet-connected devices and appliances over which users have little technological control. Ransomware’s direct monetization model is very appealing to cybercriminals, and its consumer model is savvy in demanding relatively little money from each victim.

Our survey says…

Of the surveyed consumers, 43% did not know what ransomware was, and 9% believed it had something to do with social media accounts being held for ransom.

More troubling, consumers don’t know what to do in the event of an attack. A quarter of respondents believed that disconnecting the affected computer from the Internet could stop the attack. And a still-significant percentage — 15% of Americans and 17% of Canadians — would resort to unplugging the computer or turning off the mobile device, thinking that might work (spoiler alert: it does not work).

More concerning,15% of Americans and 17% of Canadians think unplugging the computer or turning off the mobile device could completely stop ransomware

Most users (53%), considering the risk of losing their photos and videos, say they would not be willing to pay ransom. Those willing to pay said they would pay only a small amount of money to recover their personal digital files.

Of the respondents, 26% of Americans and 24% of Canadians said they would be willing to give up social media permanently to guarantee the future protection of their personal digital files.

Most Internet security software, like Kaspersky Internet Security, will protect users against many forms of ransomware. However, 11% of U.S. respondents and 12% of Canadian respondents noted they don’t have a security product installed on any of their personal digital devices.

Education needed

As ransomware attacks increase, consumers need not just to be aware of the problem — they also need to know how to avoid ransomware attacks and what to do if they’re hit by one.

In response to a ransomware attack, 46% of respondents wouldn’t know what steps to take should they become infected. The findings also indicated that the percentage of respondents who would not know what steps to take grew with increasing age, from 37% of those aged 16-34 to 54% of those aged 55+.

To pay, or not to pay

Nearly one-quarter (24%) said that paying the ransom could halt the cybercriminals, and more than half (53%) of respondents would not be willing to pay.

Those who would pay would be willing to part with, on average, only a small amount to recover their personal digital files — less than the average consumer pays monthly for lunch.

At Kaspersky Lab, we do not advise payment to criminals in response to ransomware. Instead we suggest backing up files regularly and securing devices with strong security solutions.

Looking ahead

A lack of comprehension around ransomware shows how vulnerable consumers are to this rapidly developing form of cybercrime. As long as people are willing to click on attachments in emails or visit suspicious websites to see the latest viral video, cybercriminals will continue to prey on them using ransomware.

One promising survey finding is that those surveyed are using Internet security on their devices. More than three-fourths (77%) of respondents who have a computer (PC or Mac) have Internet security installed on it, 47% have it on their smartphone, and 31% have it on their tablet.

In addition, consumers are regularly backing up their files. Almost all (84%) of survey participants said they back up their digital files.

Although many people have the right idea about not paying the attacker, and many back up their digital files, being informed is one of the best defenses against ransomware.