Sunday, March 2, 2014

[net-security] Two of every five CryptoLocker victims pay the ransom

Ransomware is one of the most effective means for cyber crooks to "earn" themselves huge sums of money with practically no effort, which explains its popularity with that particular crowd.


But just how much money are we talking about here? Also, ransomware has been around for a while now - surely people aren't falling for these tricks anymore?

Well, as it turns out, they do, and in much greater numbers that generally thought. This claim is backed by the results of a survey in which University of Kent researchers interviewed 1,502 individuals from throughout the UK on their experience with cybercrime.

According to the numbers, around 10 percent of the respondents have been affected by CryptoLocker or other similar malware demanding a ransom, and roughly 35 percent of those ended up paying up (41 percent for Cryptolocker, 30 percent for other strands of ransomware). 

The ransom for Cryptolocker is usually around £300 (currently around $500), so clearly, this type of attack is so effective and lucrative that we can't expect cyber crooks to stop soon - if ever - as there are always new, inexperienced users who will fall for the trick.

Other results from the survey include:
  • Over a quarter of respondents reported being a victim of a cyber-dependent crime over the last twelve months (26%), and a proportion of them experienced multiple incidents.
  • Of those respondents who reported a cybercrime, the majority did it to a financial institution (5%) or their Internet Service Provider (3.8%), 2.7 percent to Action Fraud, and 3.5 percent to law enforcement agencies. 13 percent of the respondents didn't report the crime, either because they thought it was a waste of time or they did not know where to report it.
  • 2,3 percent of the respondents were victims of online stalking, 2,9 percent of online bullying, and 1,7 percent of online sexual offences
  • The prevalence of the Cryptolocker ransomware (3.4%), and the proportion of Cryptolocker victims that claim to have agreed to pay the ransom (41%) seems much higher than expected (Symantec put that last number at 3 percent, Dell SecureWorks at 0.4 percent).
  • Women are less affected by ransomware. "We have reasons to believe this would most likely happen with any other malware infection as women in general probably engage in less risky practices, and use security measures more frequently," the researchers commented.
  • Also, when it comes to measures take to improve their online security, women again do better then men.
  • Online security practices in Scotland are consistently better than in the rest of the UK, and Ireland comes last.
Even though the researchers pointed out that the relatively small size of this survey means that the numbers are not to be taken as definitive, the small fraction of victims who have reported cybercrimes through ActionFraud or the Police implies that the extent of cybercrime in the UK is significantly higher than previously thought.

"If the results reported on the rate of CryptoLocker victims who pay a ransom are to be strengthened by further research, these figures would be extremely troubling, netting criminals behind the ransomware hundreds of millions. This would encourage them to continue with this form of cybercrime, potentially prompting other criminal gangs to jump into an extremely profitable cybercrime market," commented Dr Julio Hernandez-Castro, one of the authors of the research.
http://www.net-security.org/malware_news.php?id=2720

No comments:

Post a Comment