Allstate Identity Protection is proudly compliant with the new California Consumer Privacy Act. View our privacy policy here.
Security Professionals | 5 min read

Ransomware's New Payment Model: Name Your Own Price


Get more Allstate Identity Protection news

Last year, ransomware attacks cost businesses $1.5 billion, and one widespread attack, WannaCry, is on track to generate over $4 billion in lifetime damages. There’s no mistaking it: Ransomware is a big business. And, like all businesses seeking longevity, it is evolving.

Introducing the Priceline of ransomware — a new attack that allows victims to name their own price.

The basics of ransomware attacks

Ransomware is a form of malware that works by taking your computer hostage, usually by locking you out of your computer or encrypting all of your files. The attacks can reach your machine in a variety of ways like phishing scams, malicious links, fake sites, etc. Regardless of how your device becomes infected, the outcome is the same — you are forced into paying a ransom to regain access.


It’s also interesting to note that the ransomware market is largely built on the “bad guys” — or the ones enacting the attack — borrowing ransomware from its creator and remitting 20 percent of the set ransom back to them.

The cost of ransomware attacks

Ransoms can vary greatly in price. On average, users were forced to pay a little over $1,000 to regain control of their computers in 2016 — a nearly 300 percent increase from the previous year.

The cost to small and medium-sized companies can be much more significant. Those that experienced ransomware attacks in 2016 lost around $100,000. Twenty-two percent of affected businesses with fewer than 1,000 employees had to halt operations immediately, and one in six companies reported that the attacks delayed business operations by 25 hours or more.

A new form of ransomware

Not all ransomware attacks follow the same pricing model. Scarab, a relatively new form of ransomware — one that’s even equipped with “Game of Thrones” references — is pioneering a new approach. Instead of demanding a set price, a victim’s device is directed to a website where users can begin negotiations.

Aaron Higbee, co-founder and CTO of PhishMe, tells ZDNet that Bitcoin, which has increased in value from $1,000 to $16,000 in just one year, may be partially responsible for this shift in tactics:

“The negotiation process encouraged by the Scarab ransomware is particularly interesting. While entering into negotiations definitely makes it more likely that a ransom of some kind will be paid, it also allows them to fluctuate demands depending on the value of bitcoin at that time.”

Ways to prevent ransomware attacks

The best way to protect yourself from ransomware attacks is through prevention. Here’s a list of actionable items you can take to ensure you’re properly protected.

Educate yourself about new ransomware attacks

Ransomware attacks are constantly evolving, and it’s imperative you keep up with the latest trends and tactics. In addition to following our blog, you can also follow other reputable sites like Security Intelligence, ZDNet, and the Center for Internet Security®.  

Avoid phishy emails

Phishing is the biggest source of malware attacks like ransomware, so be sure to stay clear of any strange email. Here are ways you can identify phishing emails:

  • Misspellings and grammatical errors throughout
  • No contact details in the signature line
  • The offer seems too good to be true
  • The salutation is oddly worded or contains vague terms like “customer”  
  • When you hover over a link, it reveals a different URL than stated
  • Something just feels off

Make sure that if you receive an email that takes you to a webpage that you thoroughly check the url, footers, and design for any inconsistencies. Many phishing sites have only gotten better, so for extra safety, try going directly to your provider’s main page instead of clicking through the email.

Verify a site’s security before proceeding

Never proceed to a site your browser warns you may be dangerous. Also, stick to sites that are “https.”

Keep your software updated

Make sure your software is always up to date. This means ALL of your software, even programs like spreadsheets and word processors, need to run the latest versions. If you’re alerted to a new patch or version of your software, install them quickly. This helps ensure hackers aren’t exploiting vulnerabilities in your outdated version.

Use anti-virus software

Use a credible anti-virus program; a free service just isn’t going to cut it. You’ll need a program that runs automatic updates and conducts ongoing scans for vulnerabilities. To compare leading anti-virus software and their features, visit PC Magazine’s collection of top anti-virus software for PC or Mac.

These tips provide a great starting place for staying safe, but ransomware isn’t the only threat you might encounter. To learn more about malware and how you can protect yourself from phishing attacks, check out our complimentary ebook, Phishing for Dollars: How Identity Theft Is Leaving Businesses and Employees on the Hook.

New Call-to-action