Want to know why ransomware is still rampant? One in three surveyed folks in North America said they would be willing to pay up to unscramble their files once their personal systems were infected.
This is according to a customer survey [PDF] by Kaspersky Lab. The Russian security house polled more than 2,000 business workers in the US, and 1,000 in Canada, in an online study, and found that 33 per cent would cough up at least some money to cyber-extortionists to get their data back on their own personal machines.
If you're a crook, one third of your victims paying out is a pretty nice return, especially when Kaspersky estimates that 1.2 million people are hit with ransomware every six months. Americans are easier marks than Canadians, the study found, so the US can't blame Canada for this one.
Young adults are the best target for extortionists, it seems. The study noted that 20 per cent of people born between 1995 and 2002 (that's 18 to 25 years old) said they would shell out between $50 and $200 to get their personal info back. Only seven per cent of people born before 1964 would be willing to pay that much.
When the question was changed from personal computers to data encrypted on company machines, 39 per cent said the cash demand should be paid, we note.
Amusingly, five per cent of people think employees should shoulder the financial burden if companies refuse to cough up the ransom, paying the costs of a leak out of their own pockets.
This is where we should point out that paying ransomware fees is a really bad idea. Security and law enforcement groups alike agree that keeping regular offline backups and patching your software is a far better plan than paying demands, and there is no guarantee you will even get your data back should you agree to foot the extortion fees.
While it is considered a best practice not to give in to ransomware demands, some suggest that tough talk only goes so far, and when it comes down to getting critical business data back, sometimes there is a case for paying up. ®