IT Pros Report Surge in Concern About Ransomware


According to the results of a recent KnowBe4 survey of more than 300 IT professionals, 73 percent of respondents said they're very or extremely concerned about the impact of ransomware, up from 48 percent in a similar survey by Webroot in January of this year.

Eighty-eight percent of respondents expect ransomware attacks to increase in 2014, up from 66 percent in the January Webroot survey -- and respondents' confidence in endpoint security dropped to 59 percent from 96 percent in January.

"We thought it would be interesting to use the same questions to see what impact ransomware has had in six months' time," KnowBe4 CEO Stu Sjouwerman said in a statement. "We found the threat of ransomware is very real, and IT professionals are increasingly realizing traditional solutions like endpoint security are failing."

Almost half of IT pros surveyed said they know someone who has experienced a ransomware attack.

While most respondents said they would turn to backed-up data to avoid paying a ransom, 57 percent said they would pay the ransom if their backup failed.

And while 88 percent of respondents say security awareness training provides the most effective protection from ransomware, a recent EMA survey found that more than 56 percent of employees haven't received any security awareness training.

"The potential cost of employees making poor security choices due to lack of awareness and understanding may go unrecognized until it becomes an actual cost of breach reparations," the EMA report stated.

Ransomware is also going mobile -- Lookout researchers recently came across a new form of Android malware called ScarePakage, which poses as well-known apps like Adobe Flash and anti-virus applications.

Upon installation, the malware locks the user's device and displays a warning that appears to come from the FBI, claiming that the user has been charged with viewing child pornography and demanding several hundred dollars via MoneyPak to unlock the device.

"These new types of aggressive ransomware are using Android's own built-in security measures to extort money from users," Malwarebytes senior malware intelligence analyst Armando Orozco said by email. "The malware authors are taking the same trajectory as Windows ransomware, using fake porn and Adobe Flash apps as a testing bed."

"Consumers need to give a second thought to allowing any app to receive device administrator privileges, and developers need to do a better job of informing users why they're requesting it," Orozco suggested.

User education is just as crucial for mobile devices as it is for desktops -- McAfee Labs senior research architect Carlos Castillo recently told eSecurity Planet that people need to be made more aware of the importance of using security software on their mobile devices. "Users should understand how their 5-to-9 life can affect their 9-to-5 life," he said.