Ransom paid by two out of every five victims of CryptoLocker

New figures from the University of Kent have revealed that around forty per cent of victims of an advanced form of malware called CryptoLocker have agreed to pay the ransom, of typically $300 to $750, to recover their files.

This is one of the more surprising and worrying findings in the second Survey on Cyber Security by members of the University’s Interdisciplinary Research Centre for Cyber Security. The research also revealed the prevalence of this type of ransomware, which makes personal files inaccessible by encrypting them, is at about 1 in 30, much higher than suggested so far.

Other alarming findings include that almost thirty per cent (28.2%) of the respondents claimed  not to engage in any security practices online, such as the use of antivirus software, firewalls, password management tools, etc.

Across all categories of the survey, the results revealed women state they take less risk online and generally adopt better security practices, such as regularly changing their passwords. A substantial majority of those who don’t feel at risk online are men, whilst men are also less likely to report a cybercrime because they believe it is a waste of time (9.6%).

The Survey, which set out to explore the extent to which Britons have been affected by different forms of cybercrime, also found online security practices in Scotland to be better than in the rest of the UK.

The survey investigated for the first time the number of users who had been victims to online bullying, harassment or sexual offences. Figures show that almost one in thirty (2.9%) people affirm they had been a victim of online bullying or harassment, whilst similar numbers (2.3%) had been victims of online stalking. Worryingly, online sexual offences were also reported with a similar prevalence.

Dr Julio Hernandez-Castro, from the Centre for Cybersecurity and the University’s School of Computing, said: ‘If the results reported over the rate of CryptoLocker victims that pay the ransom were to be confirmed by further research, these would be extremely troubling, netting the criminals behind it hundreds of millions. That would encourage them to continue and other criminal gangs to jump into this extremely profitable cybercrime market, with the obvious dicey consequences.’

Dr Eerke Boiten, Director of the Centre, added: ‘From the small fraction of victims who have reported cybercrimes in the recommended way, through ActionFraud or the police, we can conclude that official records are significantly underestimating the extent of cybercrime in the UK.’

The first Survey, which released results in August 2013 revealed almost one in five people (18.4%) in the UK had their online accounts hacked, with some people (2.3%) losing more than £10,000 due to criminal activity.

The Interdisciplinary Research Centre in Cyber Security encompasses researchers from the University’s Sciences and Social Sciences faculties, and is led by the University of Kent’s School of Computing. Both Dr Hernandez-Castro and Dr Boiten are with Kent’s School of Computing. Magali Barnoux, from the Faculty of Psychology at Kent, also contributed to this run of the survey.

An Executive Summary and a much more detailed analysis of the findings of the second Survey on Cyber Security can be viewed here.