Report: More than one in five Americans have experienced ransomware attacks

As the 2020 election approached, threat intelligence company Anomali commissioned Harris to investigate Americans’ attitudes toward cybersecurity and government. The survey covered 2,000 US citizens over the age of 18, focusing only on one issue that is currently highly cognitive and sensible: ransomware.

More than one in five Americans have experienced ransomware attacks. Young men (between 18 and 34 years old) are more vulnerable than women (27% vs. 16%). The survey did not give the exact reason, but it may be because women are usually more cautious about attachments, while younger men are more adventurous on the Internet. Of those who have experienced ransomware attacks, 18% are on personal devices and 5% are on work devices.

Plurox malware

“Cryptolocker ransomware”by Christiaan Colen is licensed under CC BY-SA 2.0

The attitude of Americans to paying ransoms is clear, but it is also very tolerant. Of the people whose personal devices were attacked, 29% chose to pay the ransom; 46% of the companies that suffered the attack paid the ransom. Despite this, 66% believe that government agencies should never pay a ransom; 64% believe that companies should not pay. 70% of Americans feel that the organization that actually paid the ransom is because there is no choice.

What is the basic reason for paying the ransom? Given the growing personal privacy perceptions in the United States, it is not surprising that companies move out of personal information as the highest reason for paying the ransom: 58% of companies mention protection of customer information; 53% mention protection of employee information. These reasons are even more important than the security guarantee (49%) and national security (48%).

For government agencies, these data are a bit counterproductive. The main reason for paying the ransom is to protect national security (62%); but protecting personal information still scores quite high, accounting for the second-highest 56%. In addition, the organization’s own protection is consistently ranked last, with about 28% of respondents mentioning it.

The results of the survey reflect that American citizens have a clear attitude toward the government and the company. The main responsibility of these organizations should be to protect the personal data of citizens. Politicians will pay attention to this because the public’s understanding and attention to cybersecurity issues have been enhanced. Seventy percent of registered voters claim that they will consider the candidate’s cybersecurity stance in future local, state, or federal elections. 64% said they would not vote for candidates who tend to pay ransom to cybercriminals.

You can read the full report here.