At least one of the major reasons for the ongoing exponential increase in ransomware as a criminal business model could be summed up with the iconic line from the prison boss in 1967’s “Cool Hand Luke”: “What we got here is a failure to communicate.”

That was a recurring theme from those on a “Ransomware Panel” Thursday at SOURCE Boston 2017, moderated by Paul Roberts, founder and editor in chief of The Security Ledger.

The communication breakdown occurs at all levels, the panelists said, starting with victims.

Frank McLaughlin, a Boston Police detective, said when a business gets hit with ransomware, “the police are the last people they want to call, for obvious reasons. It becomes a public record.”

But even individual victims generally don’t report it because they believe – correctly in most cases – that law enforcement can’t help them, and they are desperate to get their files back.

Indeed, Ryan Naraine, head of the Global Research & Analysis Team at Kaspersky Lab, along with other panelists, said while the official stance of law enforcement and federal agencies like the FBI is never to pay a ransom demand, they tell victims privately that if there is no other way to get their files back, to pay it.

That, they agreed, is why ransomware is so popular among criminals – it is low-risk and high reward.

There was also agreement that there needs to be more information sharing among those who investigate ransomware crimes. McLaughlin said it is improving.
He said there is more communication among the various police districts in greater Boston, and also between his office and the local FBI, which has the potential to find connections among attacks that could point to many of them being controlled by a small number of criminal enterprises.

But he acknowledged that the FBI generally doesn’t get involved in cybercrime investigations unless they involve large amounts of money – in the hundreds of thousands or millions.

And, as the panelists agreed and as has been widely reported, most ransom demands don’t come close to that amount. While the average has been increasing – Roberts noted that Symantec reported the average had jumped from $294 in 2015 to more than $1,000 in 2016 – it still doesn’t come close to the kind of “serious money” that would interest the FBI.

Then there is media communication. McLaughlin noted that the media tend to cover violent crime, “but nobody cares if somebody steals a million dollars.”

That is also changing to some extent, said Sumit Sehgal, CTO of healthcare at McAfee. He noted that the major news networks have stories on cybercrime much more frequently than five years ago.

He said there is also more education at the K-12 level in public schools about bullying and cyber hygiene. “And there is evangelism from companies like ours,” he said.
“The resources are there – platforms are getting better every day.”

But finally, there was also a plea from those in the audience for more security awareness training for the general public.

To Naraine’s comment that average users bear some responsibility for falling victim to phishing or other social engineering, or failure to use two-factor authentication, one audience member called it, “victim shaming,” arguing that the average user, like her grandmother, cannot be expected to be savvy to the multiple kinds of attacks that can lead to ransomware.

Panelists agreed in part, but said there are multiple initiatives to improve awareness. “It’s better than it was five years ago,” Sehgal said. “You get reminders from Facebook to change your password, or a notice that you signed in from China.”

McLaughlin said communities that focus on physical safety in their public service announcements should probably add messages regarding online security.

But Naraine said people still need to take some responsibility for their own safety. “It’s like leaving your keys in your car – don’t do it,” he said.