Younger Ransomware Victims More Likely to Pay Up

New research has found that the age of a ransomware victim may affect their willingness to pay for the recovery of their data. 

A study by cybersecurity company Kaspersky found that while 65% of victims aged between 35 and 44 paid their attackers for a decryption key, only 11% of victims aged 55 and over, and 52% of victims aged 16 to 24, gave in to ransom demands. 

The Kaspersky Consumer IT Security Risks Survey (Consumer ITSR) interviewed a total of 15,070 adult consumers globally between September and October 2020 about their attitudes toward online privacy and whether they had experienced any security incidents in the past 12 months.

Overall, just over half (56%) of ransomware victims paid up in the hope of getting their data back, but 17% of those did not recover their encrypted files.

Whether they handed over a ransom or not, only 29% of all victims were able to restore every single one of their affected files following an attack. Half of victims reported losing at least some files, while 32% lost a significant amount, and 13% lost virtually all their data.

Researchers found that only 39% of those surveyed claimed that they were aware of ransomware over the past 12 months. 

“This data shows we have seen a significant proportion of consumers paying a ransom for their data over the past 12 months,” said Marina Titova, head of consumer product marketing at Kaspersky. 

“But handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice. Therefore, we always recommend that those affected by ransomware do not pay as that money supports this scheme to thrive."

Titova said that consumers should take preventative cybersecurity action and also report ransomware attacks to their local law enforcement agency.

"Consumers should make sure to invest in initial protection and security for their devices and regularly back up all data," said Titova.

"This will make the attack itself less appealing or lucrative to cybercriminals, reducing the use of the practice, and presenting a safer future for web users.”