The chair of the Federal Trade Commission (FTC) is advising businesses that the FTC might hold them accountable for not fixing vulnerabilities commonly exploited by cybercriminals launching ransomware attacks.
FTC Chairwoman Edith Ramirez says the actual ransom demand is usually $500 to $1,000 but can be as high as $30,000. Based on data from the FBI, the U.S. government estimates there are now 4,000 ransomware attacks being launched per day, representing a 300 percent increase over the 1,000 ransomware attacks per day in 2015.
Even more concerning for the average organization, Ramirez also revealed that thus far the FTC has pursued more than 60 enforcement actions against companies that have been hit by ransomware. That may seem like a government effort to punish the victim of a crime, but the FTC is starting to make it clear that the careless handling of data is indeed a potential crime punishable by fines that far exceed the ransom being demanded by hackers.