A new Webroot survey reveals a disconnect between what college students say they would pay to access personal data being held for ransom and the reality of actual ransomware payments. While students reported they would only pay around $50 to retrieve their personal data, typical ransomware payments actually range from $500 to $1,000.
In May, the FBI’s Internet Crime Complaint Center reported there were 2,453 reported ransomware incidents in 2015, resulting in losses to victims of over $1.6 million. But the majority of headlines around ransomware have highlighted businesses under threat. This may explain why students claim they would spend no more than what a nice meal would cost to ransom their information.
According to the survey, students would pay on average $29 for a dating profile; $52 for a term paper; $78 for a banking log-in; and $86 for private photos. On average, students would pay $52 to access ransomed data, but in reality, consumers are paying a much higher amount.
“Ransomware authors tend to demand wildly different amounts per system,” said Tyler Moffitt, senior threat research analyst at Webroot. “Oftentimes, it will depend on what the author thinks he can squeeze out of the victim. Occasionally, operators will provide a means for the victim to communicate with them, and we have seen the cost negotiated to a lower amount. We’ve also seen demands on individuals for upwards of $2,000. So while the respondents’ claim they would never pay even close to that amount, it’s much easier said than done. The game really changes when one is actually put in the ransomware hot seat.”
The rise of security threats like ransomware further reinforces the need for students to protect their personal identities. However, only 56% of students have a security solution installed on their computer. When it comes to mobile devices that number drops to 34%, with 66% saying they don’t have or “aren’t sure” they have a mobile security solution. When asked why they are not using a security solution, 18% said it “wasn’t needed”; 15% said security solutions are “too expensive; and 10% said the options are “too complicated”.
“It is in everyone’s best interest to run a security solution on their personal device or devices,” said Moffitt. “It is alarming that 45% of college students say they don’t have, or aren’t sure they have, a security solution on their computer. The good news? Finding an option that fits isn’t hard. Reputable cybersecurity solutions are inexpensive compared to what they save, can be deployed in seconds, and protect devices with zero interaction from users.”
What can students do to stay secure?
Security-conscious students should adopt some simple yet effective strategies to ensure their personal devices and data are secure in a range of environments:
1. Purchase and deploy a top-rated security solution. There are a number of existing cybersecurity solutions that continuously protect personal information without taking up disk space or otherwise affecting user experience by making devices unavailable during scans. These solutions are also affordable, especially when considering the immediate cost of ransomware and long-term cost of identity theft.
2. Keep your security software up-to-date. Make sure that all security software subscriptions are current.
3. Store sensitive data in the cloud. Generally, encrypting ransomware only has the means to encrypt files stored locally on a user’s system. Because of that, data stored in the cloud can often be more secure than storing on a home network.
4. If documents are too private to risk ending up in someone else’s hands, create local backups instead. Store them on an external hard drive, and disconnect that drive when not using it.
5. Avoid free public Wi-Fi. Cybercriminals are known to create ad-hoc networks that look like free Internet, but actually launch a “man in the middle” attack. It’s best to stick to secure networks when on-the-go.
6. Use a password. Lock mobile devices to ensure data remains secure.
7. Use good judgement. Be extra vigilant about the websites visited, the URLs followed and the applications and mobile apps used.