Americans more likely to pay data ransom, Brits pay higher amountsby Nikola Strahija on February 18th, 2016 In the United States alone more than 50% of ransomware victims have paid the extortionists according to a study conducted by Bitdefender in November 2015. Half of victims are willing to pay up to $500 to recover their data.
This brings the ransomware business staggering amounts of money that further fuels cybercriminal activity. The study, which was conducted on 3009 Internet users from US, UK, France, Germany, Denmark and Romania, tells us that the following facts:
- 50% of the victims are willing to pay up to $500 in ransom
- UK victims would pay most
- US users are the main target for ransomware
- Personal documents (photos etc.) rank first among priorities
- 50% of users can't identify ransomware as a type of threat
When asked to rank ransomed data by importance personal documents rank highest with 38% of Romanian users, 30% for US citizens and 26% for Germans. Personal photos rank second in importance in France, Denmark and Romania, with 17 percent, 19 percent, and 28 percent of respondents stating their willingness to recover them. Job-related documents rank third for the same countries, with only 11 percent, 8 percent and 24 percent of respondents, respectively, expressing willingness to pay for their recovery. Only the Danes ranked personal movies third.
Ransomware victims in the UK are willing to pay the highest amounts, over $500 USD, amongst the consumers covered by the study, followed by Danes with $400+ and US citizens paying $350.
Internal reports show that 61.8% of all malware files distributed via email are targeting US internet users followed by the French with 55.8%.
To jumpstart the user's curiosity messages range from "Please see attached file", "Please find your invoice attached" or "Here's your shipping info".
Today's ransomware locks and encrypts the entire filesystem until the user pays for the decryption key.
For US victims the payment is almost always requested through bitcoins giving bitcoin while it is not uncommon for the ransomware to demand payment through "PaySafeCard".
On mobile platforms, specifically Android, ransomware usually just locks the screen and in some cases encrypts the SD card. As for infection vectors, one of the most common methods for delivering Android ransomware has been through malvertising. In this process, malware developers poison ads on legitimate websites by purchasing advertising space. When clicked, these ads either redirect users to fake marketplaces or trick them into downloading seemingly innocuous video players or system updates that end up infecting devices.
I see the Android platform being the next big market for ransomware since it has a staggering 1.4 Billion active devices according to Google CEO Sundar Pichai. iPhone users shouldn't be at ease - as we've written before ransomware is being developed actively for the iOS platform.