1 in 30 have been hit by CryptoLocker and 40% pay the ransom, says study

Filed Under: Featured, Malware

RansomwareAn annual survey on computer security issues run by a UK university was published last week. Its stats on the prevalence of ransomware, and how many people give in to the crooks and pay the ransom, raised some eyebrows.

The University of Kent's 2014 Survey on Cyber Security found that 1 in 30 has had their system hit by CryptoLocker, and 40% of those paid up.

The figure for ransomware as a whole seems even more eye-opening, with almost 1 in 10 reporting having fallen victim.

The survey was organised by the University of Kent's Interdisciplinary Research Centre in Cyber Security, by a team composed of both computer scientists and psychologists, and conducted using Google's Consumer Surveys platform.

As the authors of the report caution their readers, the survey covered a relatively small number of people - just over 1,500 UK adults. That leaves it open to inaccuracies for all sorts of reasons, including sampling bias due to the kinds of people drawn to responding to online surveys, but the results seem dramatic enough to be more than just an anomaly.

Other data picked up by the survey seems fairly predictable. Around two-thirds of us feel at risk from cybercrime, just over 1 in 4 have been the victim of some sort of "cyber-dependent crime" in the last year, with malware (11.9%) and phishing (7.3%) the main culprits. 1 in 10 has been exposed to online bullying, harassment or stalking.

If the rate of malware infections seems a little higher than we normally see in surveys of this nature, that could well be down to the high levels of CryptoLocker and other ransomware included in those figures.

9.7% of people claimed they had been infected by ransomware of some kind, with CryptoLocker specifically named in the survey question and making up around a third of all reported infections.

Proving a negative

Survey data always has a problem in that it's only as accurate as the knowledge (and honesty) of the people being surveyed.

Malware, for the most part, aims to avoid revealing its presence to its victims, sometimes going to great lengths to do so.

So when you ask someone if they have ever been hit by malware, and their response is a strong and definite "no", that answer should always be viewed sceptically. How can they possibly know?

Proving a negative is not easy in the best of circumstances, and being certain something hasn't happened simply because you haven't noticed it happen is particularly difficult when the thing you haven't noticed is specifically designed to be secretive and stealthy.

Have you ever been spied on from a distant rooftop? No? Can you really be sure of that?

Unlike most malware though, CryptoLocker and other ransomware attacks make no secret of their presence, indeed their main intention is to make it very plain to their victims that they have been infected.

So it could be that what we're seeing here is not a change in the total level of malware going around, simply a change in the visibility of it to the general public.

Only a third have firewalls

And perhaps that is no bad thing. Other details emerging from this same survey include less than half of respondents using up-to-date anti-malware, just over a third implementing firewalls, and a little less than that exercising sensible password hygiene.

Maybe a little more visibility will finally make the general public start sitting up and paying more attention to the risks of malware and other online threats.

At the moment, it seems like we're still mostly either ignorant or in denial, right up until something nasty infects our machine and nabs our data, or encrypts it and demands a ransom.

That so many people pay up is not much of a surprise either. Like other security basics, it looks like proper backing up of sensitive or precious files is a rare thing.

Victims forced to pay up include police departments and law firms, with ransomware threats clearly targeting small businesses where proper security practices such as backups are more likely to be lacking.

These shortcomings may have been hidden in the past, but now they are being forced into the spotlight, and the shock may just jolt people into giving the right priority to their security needs.


Image of dollars courtesy of Shutterstock.

, ,

You might like

10 Responses to 1 in 30 have been hit by CryptoLocker and 40% pay the ransom, says study

  1. Anonymous · 139 days ago

    So, if 1 in 75 system owners in the UK sends a ransom payment to these crooks, this would amount to Billions in any currency world wide. Why isn't there some kind of legal crackdown or lynch mob tracking them down and putting an end to their crimes?

    • Richard · 139 days ago

      I agree, it seems to me that if these people are paying ransom. Why hasn't there been a sting to grab these criminals? I can see no reason unless the ransomers are a government, then I could see some difficulty in catching them.

      • Paul Ducklin · 139 days ago

        To catch them, government or not, you first have to work out who and where they are. That's not impossible. But it's not trivial. You send them some Bitcoins...then what?

  2. Jim · 139 days ago

    Most people don't seem to care about security until they've been the victim of it.

    There are some incredibly basic things that can make one's system(s) moderately secure with very little cost. You mentioned most of them: backup, password hygiene (I LOVE that phrase), etc. I would add "remove admin rights from users who don't need them (which you've also mentioned elsewhere).

    But, the big problem is getting people to take the steps. How do we get the message out? I love your site and organization, but frankly it's mostly techies who lounge around here, and they (hopefully) mostly follow decent practices.

    The next survey should try to figure out how to solve the education problem. I'm not sure how, but somehow it has to be done.

  3. Bob · 139 days ago

    My grandson's computer was hijacked by cryptolocker when we were in Winter Park Co. We did not pay. We shut down the computer and when we went home and went to the computer store it was gone

  4. Anonymous · 138 days ago

    .....Or why not just switch over to Linux or Mac and save yourself a lot of trouble as most malware and ransomware including cryptolocker only seem to target the Windows OS?

    • Buck · 135 days ago

      Since Linux has been a corporate mainstay for decades, hackers looking for a big score target Linux too. As for Apple, they have been recommending anti-virus software for a few years now.

  5. Buck · 136 days ago

    If people were more faithful in backing up their system then 0% would be paying the ransom.

  6. Patrick McDonald · 133 days ago

    Is there any preventative antimalware which targets cryptolocker? If so, they should advertise.

    • Paul Ducklin · 133 days ago

      Problem with an anti-virus that is specific to a particular malware strain is that it's unlikely to be generic enough to catch all the variants even of that one strain.

      Bit like having a toolkit that consists entirely of a single 10mm ring-end spanner. (Wrench in American English, I think.)

      Compact and 100% effective - until you get a bolt that's a bit tricky to access, and you think, "I could do with an open-ended spanner right now." And then, right at a critical moment, you realise, "Aaargh! That's an 8mm nut I see before me!"

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.