How much someone is willing to pay in a ransom attack varies greatly by age, with younger consumers likely to pay more.
That’s one of the findings in a new study among over 2,000 U.S. adults conducted online on behalf of Radware by Harris Poll. It’s not a great sign after a year when ransom attacks locked up patient records at hospitals and disabled MUNI ticket machines in San Francisco. The attacks included ransomware, ransom DDoS, and other threats designed to extort money from unprepared organizations. Many variants arose, including Locky and Petya, which propagate through spam emails and phishing, respectively; Samas, which exploits web server vulnerabilities; and Cerber, which imitates an Adobe Flash player update.
While many attacks have targeted organizations and businesses, consumers have felt the brunt as well. Yet two-thirds of consumers who have personal files stored on a computer/mobile device (66 percent) said they wouldn’t pay a ransom to unlock their personal files if a hacker encrypted them.
Some, however, are more likely to pay than others. The willingness to pay a ransom varied by age group, with younger consumers who have personal files stored on a computer/mobile device more likely to pay up than their older counterparts. More than half of 18-34 year olds (53 percent) were willing to pay, as were 48 percent of 35-44 year olds. Just 25 percent of 45-54 year olds said the same thing, along with 20 percent of 55-64 year olds and only 15 percent of those ages 65+. This suggests that younger demographics may value digital assets more than older ones, perhaps in part because they have more music, photos, personal financial data, and other assets at stake.
Younger consumers who have personal files stored on a computer/mobile device are also more likely to pay more money to get their data back compared to their older counterparts. One in five 18-34 year olds (21 percent) and 35-44 year olds (20 percent) said they would pay $200 or more to regain access to their personal files. Just 8 percent of 45-54 year olds, 6 percent of 55-64 year olds, and 3 percent of those ages 65+ said the same thing.
While 66 percent of consumers said they wouldn’t pay, what they would actually do if infected with ransomware remains to be seen. In our 2016 Executive Application and Network Security report, we found that among C-suite respondents who hadn’t been hit with ransom attacks, 84 percent said they wouldn’t pay. Among those who had actually been attacked, 43 percent paid. Beliefs don’t always match actions when data is at stake.
Consumers are particularly vulnerable, as they lack the resources, support, and secure systems many large companies have at their disposal to ward off or recover from attacks. College students have been one common target, as most have nowhere to turn to recover their files. It’s easier to pay up and get their hard drive back.
As mobile ransomware becomes more common – threats were 15 times higher in June 2016 than April 2015 – the stakes rise, as phones hold more personal and more valuable data that both organizations and consumers could be willing to pay to get back.
But you should only pay a ransom if you want to keep paying. One reason ransom attacks became so common and widespread in 2016 was that they’re effective and lucrative. Stop paying and shut off the cash flow, and ransom attacks might slow their rapid rise.
The majority of consumers have the right idea about how to respond to ransom attacks, but millennials would be wise to second-guess their instinct to pay up.
This survey was conducted online within the United States by Harris Poll on behalf of Radware from November 14-16, 2016 among 2,059 U.S. adults ages 18 and older. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact Deborah.firstname.lastname@example.org.