TY - GEN
T1 - “I was told to buy a software or lose my computer. I ignored it”
T2 - 15th Symposium on Usable Privacy and Security, SOUPS 2019
AU - Simoiu, Camelia
AU - Gates, Christopher
AU - Bonneau, Joseph
AU - Goel, Sharad
N1 - Funding Information:
8. What is your field of work or study? [drop down menu]. Available choices included: Architecture, Engineering, and Math; Arts and Design; Building and Grounds Clean-ing; Business and Financial; Community and Social Service; Computer and Information Technology; Con-struction and Extraction; Education, Training, and Li-brary; Entertainment and Sports; Farming, Fishing, and Forestry; Food Preparation and Serving; Healthcare; In-stallation, Maintenance, and Repair; Legal; Life, Physi-cal, and Social Science; Management; Media and Com-munication; Military and Protective Service; Office and Administrative Support; Personal Care and Service; Pro-duction; Sales; Transportation and Material Moving;
Publisher Copyright:
© is held by the author/owner.
PY - 2019/1/1
Y1 - 2019/1/1
N2 - Ransomware has received considerable news coverage in recent years, in part due to several attacks against high-profile corporate targets. Little is known, however, about the prevalence and characteristics of ransomware attacks on the general population, what proportion of users pay, or how users perceive risks and respond to attacks. Using a detailed survey of a representative sample of 1,180 American adults, we estimate that 2%-3% of respondents were affected over a 1-year period between 2016 and 2017. The average payment amount demanded was $530 and only a small fraction of affected users (about 4% of those affected) reported paying. Perhaps surprisingly, cryptocurrencies were typically only one of several payment options, suggesting that they may not be a primary driver of ransomware attacks. We conclude our analysis by developing a simple proof-of-concept method for risk-assessment based on self-reported security habits.
AB - Ransomware has received considerable news coverage in recent years, in part due to several attacks against high-profile corporate targets. Little is known, however, about the prevalence and characteristics of ransomware attacks on the general population, what proportion of users pay, or how users perceive risks and respond to attacks. Using a detailed survey of a representative sample of 1,180 American adults, we estimate that 2%-3% of respondents were affected over a 1-year period between 2016 and 2017. The average payment amount demanded was $530 and only a small fraction of affected users (about 4% of those affected) reported paying. Perhaps surprisingly, cryptocurrencies were typically only one of several payment options, suggesting that they may not be a primary driver of ransomware attacks. We conclude our analysis by developing a simple proof-of-concept method for risk-assessment based on self-reported security habits.
UR - http://www.scopus.com/inward/record.url?scp=85076087964&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076087964&partnerID=8YFLogxK
M3 - Conference contribution
T3 - Proceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019
SP - 155
EP - 174
BT - Proceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019
PB - USENIX Association
Y2 - 12 August 2019 through 13 August 2019
ER -