RANSOM-WHAT?

A study on consumers’ awareness

of ransomware

1 | RANSOMWARE REPORT | KASPERSKY LAB

EXECUTIVE SUMMARY
Ransomware is a type of malware that can systematically encrypt files on a hard drive that typically cannot be unlocked
or decrypted without the encryption key. By restricting access to an infected computer or mobile system, the attacker
has the ability to demand that the user pay them a ransom in order to remove the encryption restricting the victim’s
access to their files and data.

Since ransomware is widely recognized throughout the cybersecurity community as a significant cyber threat, Kaspersky
Lab wanted to gain insight into consumers’ understanding about serious cyber threats like ransomware. The company
also wanted to know if they are taking adequate action to safeguard their digital lives from such threats.

To help us gain this knowledge, Kaspersky Lab commissioned the research firm Opinion Matters to survey over 5,000
consumers in the United States and Canada, aged 16+.

The study results suggest consumers are unaware of ransomware, are not worried about ransomware attacks, and
don’t know what type of data can be stolen during this type of attack.

The findings also highlight that there is a discrepancy between the spread of ransomware attacks and what consumers
actually know about the topic.

Key findings from the study include:

• Viruses, spyware and Trojans top the list of cyber threats consumers are most worried about, with only 16% of
consumers admitting to being worried about the threat of ransomware. In addition, 43% of consumers do not know
what ransomware is, with 9% believing it’s when social media accounts are held for ransom.

• More worrisome is the fact that 43% of Americans and 46% of Canadians admitted to not knowing what type of data
or information can be stolen during a ransomware attack.

• When facing a ransomware attack, consumers are unsure of how to remediate the damage, with 25% of all participants
believing that disconnecting the computer from the internet could stop the attack. Also, 15% of Americans and 17%
of Canadians think unplugging the computer or turning off the mobile device could stop it, with a small amount
believing negotiating with the attacker is the best way to stop the attack.

• Despite the risk of losing digital assets like photos, videos and audio files, most (53%) are not willing to pay a ransom.
On average, respondents would be willing to pay only a small amount to recover their personal digital files – less
than the average consumer pays monthly for lunch.i

• Surprisingly, 26% of Americans and 24% of Canadians said they would be willing to give up social media permanently
in order to guarantee the future protection of their personal digital files.

• The top three things respondents were most concerned with losing were their bank account information, their social
security number and their credit card details. Female respondents were more concerned about losing personal
photos than their male counterparts (18% compared to 12% of males in the U.S. and 21% compared to 12% of males
in Canada)

• Despite a lack of knowledge about ransomware, a sizable amount of consumers are using internet security on their
devices, with only 11% of U.S. respondents and 12% of Canadian respondents indicating that they don’t have internet
security installed on any of their personal digital devices.

2 | RANSOMWARE REPORT | KASPERSKY LAB

RANSOMWARE OVERVIEW
It is hard to ignore the prevalence of ransomware within the last year. As a
malware that can restrict access to a computer system so it becomes difficult or
impossible to decrypt without help from the attacker, it has become a danger to
individuals and businesses alike.

Ransomware isn’t a new phenomenon – CryptoLockerii was a popular ransom

Trojan that hit hundreds of thousands of PCs starting in 2013 – but recently,
ransomware infections are growing at an alarming rate.

Beyond industry reports, this type of malware is making front page headlines,
attacking everything from personal computers and smartphones to hospitals
and police departments. Mobile phones are being attacked by malware like
Dogspectus, a ransomware sample that infects smartphones and tablets via drive
by download. Even Macs users are not safe; the KeRanger malware maliciously
encrypts a hard drive and then asks for payment to allow the user to decrypt the
disk and access their data.

During the last two years, the U.S. Federal Bureau of Investigation (FBI)
processed about 4,200 ransomware complaints and estimated victims
lost more than $47 million.v These complaints include victims like
Hollywood Presbyterian Medical Center in California and the
Tewksbury Police Department in Massachusetts, both of which suffered
at the hands of ransomware attackers and ended up paying the ransoms.

According to the Kaspersky Lab Q1 2016 malware report,iii 345,900

ransomware attacks were detected in the first quarter of 2016, a 30% increase
of attacked users compared to the fourth quarter of 2015. Moreover, the
Verizon Data Breach Investigations Report of 2016iv data suggests a growing
reliance of cybercriminals on ransomware, stating that ransomware attacks
have increased by 16% over 2015 findings.

3 | RANSOMWARE REPORT | KASPERSKY LAB

As stated in the Kaspersky Lab predictions for 2016,vi “We expect to see the
success of ransomware spread to new frontiers. Ransomware has two
advantages over traditional banking threats: direct monetization and relatively
low cost per victim. In the longer term, there is the likelihood of IoT ransomware,
begging the question, how much would you be willing to pay to regain access
to your TV programming? Your fridge? Your car?”

As part of its commitment to help people protect what matters most in their
online-enabled world, Kaspersky Lab commissioned this research to explore
consumer awareness of ransomware across the United States and Canada.

RESEARCH METHODOLOGY
The quantitative study was undertaken by research firm Opinion Matters, which
surveyed 4,121 adults aged 16+ from the United States, and 1,023 adults aged 16+
from Canada. The survey was undertaken online from March 2016 to April 2016.

THE RESEARCH FINDINGS

Lacking an understanding about ransomware

The results revealed that consumers today do not know about ransomware,
are not worried about ransomware, and don’t know what data can be stolen
from them during this type of attack.

For many consumers, ransomware is not top of mind. The top three cyber Only 16% of American
threats respondents are currently most worried about are viruses (USA: 75%, respondents and 13% of
Canada: 68%), spyware (USA: 55%, Canada: 48%), and Trojans (USA: 52%, Canadian respondents said
Canada: 45%). ransomware was one of the
top five cyber threats they
When looking at some of the survey demographics, of the small amount that were most worried about.
was concerned with ransomware attacks, more males were worried about
ransomware. In the U.S., 22% put it in their top five cyber threats, compared
to 15% of females.

4 | RANSOMWARE REPORT | KASPERSKY LAB

 One reason they may not be concerned with ransomware, is that many
consumers do not know what it is. During the survey, 43% of consumers
admitted that they do not know what ransomware is, with 9% believing it’s when
social media accounts are held for ransom.

In addition to a lack of understanding what a ransomware attack involves, many

consumers do not know what cybercriminals can take once they have control
over a digital device. The majority of respondents (44%) confessed that they did
not know what data or information could be stolen in a ransomware attack.

Chart  Title
Figure 1: Consumer response to what can be stolen in a ransomware attack

43%
I don’t know what can be stolen in a ransomware attack
46%

38%
Access to a computer system
33%

38%
Passwords
36%

33%
Documents
29%

32%
Financial information
28%

31%
Social media login information
29%

31%
Social security numbers
26%

30%
Photos
28%

23%
Money
21%

19%
Apps
18%

6%
Other
7%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

U.S. Canada

US Canada

In addition to overall statistics, it was interesting to analyze the data on Millennials.

Reviewing the data showed that 42% of Millennialsvii said they did not know what
ransomware is and only 13% were worried about ransomware in general. In
addition, 43% said they do not know what could be stolen during a ransomware
attack and 38% would not know the steps to take in order to stop an attack.
As a generation that grew up in a gadget-filled, constantly online and socially-
networked world, they would likely be seriously impacted if ransomware was to
infect their digital devices

5 | RANSOMWARE REPORT | KASPERSKY LAB

Figure 2: Millennials’ knowledge regarding ransomware Chart  Title

I don’t know what steps to take in response to a ransomware attack 38%

I don’t know what can be stolen during a ransomware attack 43%

I'm worried about ransomware 13%

I don't know what ransomware is 42%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

This could indicate a lack of knowing what digital files should be protected. Several respondents declared
Not knowing that cybercriminals can take personal documents, photos, videos, that they would be willing to give
audio files and lock them out of a person’s reach, can leave people vulnerable. up social media permanently in
Especially as only 31% believe financial information could be taken during a order to guarantee the future
ransomware attack. protection of their personal
digital files (26% of Americans
Despite not knowing that personal information could be stolen, the findings and 24% of Canadians).
highlighted the elevated importance that consumers placed on the personal
data they store on digital devices and the fact that they cannot live without their
digital files.

Furthermore, consumers acknowledged that they store personal credentials

on their digital devices, and they shared their concern that losing this personal
information would allow a cybercriminal to steal their identity and finances. The
top three things respondents were most worried about losing were their bank
account information, their social security number and their credit card details.

The study revealed a gender difference in responses to the importance of

photos. Female respondents in both the U.S. and Canada were more concerned
about losing personal photos than their male counterparts (18% compared to
12% of males in the U.S. and 21% compared to 12% of males in Canada).

6 | RANSOMWARE REPORT | KASPERSKY LAB

 Chart  Title

Figure 3: What consumers worry most about losing in a cyber crime attack
Bank account information 78%

Credit card details 55%

Social security number 67%

Login details to your personal email 18%

Personal photos 17%

Home address 9%

Login details to your social media account 7%

Work documents 4%

Date of birth 6%

Telephone number 3%

0% 10% 20% 30% 40% 50% 60% 70% 8

“Today’s consumers store so much on their devices. More stuff than they even realize. The problem
is, many of them are not thinking ‘what if I lose access to all my photos, music, videos?’ when that is
exactly what they should be worried about and preparing for. Learning how to protect yourself against
it is so simple and necessary, especially if the data is of great value to you and you felt like you could
not do without it if you were attacked by ransomware. If you value your personal data – protect it.”

Ryan Naraine, Head of the Global Research and Analysis Team, USA, Kaspersky Lab.

7 | RANSOMWARE REPORT | KASPERSKY LAB

Needing an Education in Protection

A lack of education on what ransomware is also leads to a lack of knowledge

in how to prevent or stop ransomware attacks, leaving many consumers even
more vulnerable. It also shows that there is a discrepancy between the spread
of ransomware attacks and what consumers actually know about the topic.

When asked ‘if you fell victim to a ransomware attack, what do you think could
stop the attack?’ The majority of respondents wouldn’t know what steps to take
in response to a ransomware attack (46%). The findings also indicated that the
percentage of respondents who would not know what steps to take grew with
increasing age, from 37% of those aged 16-34 to 54% of those aged 55+.

More concerning, 15% of Americans and 17% of Canadians think unplugging the
computer or turning off the mobile device could completely stop it, with a small
amount believing negotiating could stop the attack.

Although not the recommended method for attempting to stop an attack for
several reasons, 24% of respondents said that paying a ransom to access the files
could stop the cybercriminals from continuing to take hold of a digital device.

Figure 4: What consumers believe could stop a ransomware Chart  

attack Title

Negotiating with the attacker 9%

Unplugging the computer or turning off the mobile device 16%

Disconnecting the computer from the internet 24%

Paying a ransom to access the files 24%

I wouldn't know what steps to take 46%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

While many people may not know the way to stop an attack, many would
not be willing to give in to the demands of the attackers. Over half (53%) of
respondents are not willing to pay a ransom. Of those that would pay a ransom
to recover use of their device or personal files, respondents would be willing to
pay, on average, only a small amount to recover their personal digital files – less
than the average consumer pays monthly for lunch.

8 | RANSOMWARE REPORT | KASPERSKY LAB

A lack of comprehension around ransomware shows how vulnerable consumers
are to this rapidly developing form of cybercrime. It also exemplifies how the
proliferation of things like ransomware-as-a-service could cause even more
problems for the general population.

One promising aspect shown by the data is that those surveyed are using internet
security on their devices. More than three fourths (77%) of respondents who
have personal devices have internet security installed on a PC, laptop computer
or Mac, 47% have it on a smartphone, and 31% have it on a tablet.

However, 11% of Americans and 12% of Canadians don’t have internet security
installed on any of their personal digital devices. This is slightly better than the results
of the Digital Amnesia study, which found one in four (28%) does not protect any of
their devices with additional security.viii

Figure 5: Consumers who install internet security on devicesix

Chart  Title

I don’t have internet security installed on any of my personal digital devices 11%

Tablet, such as an iPad or Samsung Galaxy Note 32%

Smartphone, such as iPhone or an Android 49%

PC, laptop or Mac 79%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

In addition, consumers are regularly backing up their files. Almost all (84%) of
survey participants said they back up their digital files that are stored on their
personal devices. The top three ways of backing up digital files were by using the
cloud, an external hard drive and by using email.

“Ransomware is a growing epidemic in 2016 and we are likely to see it continue in the near future.
Although it has been around for more than a decade, we have seen a recent explosion of new
ransomware families that is cause for concern. For cybercriminals, ransomware is a popular and
effective method of making money by preying on weaknesses in consumers. As long as people are
willing to click on attachments in emails or visit suspicious websites to see the latest viral video,
cybercriminals will continue to use ransomware long into the future.”

Ryan Naraine, Head of the Global Research and Analysis Team, USA, Kaspersky Lab.

9 | RANSOMWARE REPORT | KASPERSKY LAB

CONCLUSION
Many people today are unaware of newer cyber threats and how they could steal their personal digital files. Not knowing
what ransomware is, what it can steal, or how to prevent it is a serious issue – one that even the FBI is determining how
to help the general public address.

Although many people have the right idea when it comes to not paying the attacker, and many backup their digital
files, being informed is one of the best defenses against ransomware.

Furthermore, the results of this study demonstrate that if people value their digital life – pictures, documents, videos,
passwords, etc. – then proper security steps need to be taken, including using an advanced internet security solution
and routinely backing up their files.

Ransomware is a growing cyber threat that impacts consumers of all ages and will continue to be a threat as long as
cybercriminals can continue a monetary gain from it. Kaspersky Lab is committed to helping people understand the
threats they face in the cyber world and empowering them to effectively address and prevent those threats in order to
keep both consumers and their data protected.

“To combat ransomware now and in the future, consumers (and businesses) need to have a multi-
layered approach to staying safe. The use of modern anti-malware technology with proactive
protections along with regularly backing up important files and making sure they are stored offline is
imperative. Add in some common sense when it comes to clicking on attachments and strange links,
and you can minimize your exposure to risk.”

Ryan Naraine, Head of the Global Research and Analysis Team, USA, Kaspersky Lab.

i. 2015 Visa Lunch Spending Survey

ii. CryptoLocker is Bad News [Web log post]. (2013, November 11)
iii. Q1 Threat Evolution Report (Tech.). (2016, May 5). doi:Securelist
iv. Brumfield, J. (2016, April 27). Verizon 2016 Data Breach Investigations Report (Rep.)
v. Anderson, V. D. (2016, April 26). Ransomware: Latest Cyber Extortion Tool.
vi. Andrés Guerrero-Saade, J. (2015, November 17). Kaspersky Security Bulletin. 2016 Predictions (Tech.)
vii. The term ‘Millennials’ in this study is referring to those aged 16-34 who participated in this survey
viii. Digital Amnesia (Rep.). (2015, July 1)
ix. This question was only answered by respondents who do have personal devices

Kaspersky Lab
500 Unicorn Park, 3rd Floor Woburn, MA 01801 USA
Tel: 866-563-3099 | Email: corporatesales@kaspersky.com
To learn more visit us at: usa.kaspersky.com
© 2016 AO Kaspersky Lab. All rights reserved. Registered trademarksand service marks are the property of their respective owners.