Threat Management

New research shows ransomware victims are paying up

New research from security firm Trend Micro is claiming that 74 percent of UK organisations who haven't experienced a ransomware attack remain bullish about the threat, claiming they would never pay up if infected.

Despite this, 65 percent of UK companies confronted with a ransomware situation do end up paying the ransom.

The survey also claims that only 45 percent of those infected got their data back upon paying the ransom, which means one in five companies paid up but never got their data back.

The research showed 44 percent of UK businesses have been infected by ransomware in the last 24 months, 27 percent of those more than once - with the most unlucky UK organisation targeted as much as five times.

Those who have been targeted by ransomware say that 33 percent of their employees were affected by the infection, along with an estimated 31 percent of the organisation's customers.

The rapid development of ransomware has become a major security issue for UK businesses because of one thing: “it works,” said Bharat Mistry, cyber-security consultant at Trend Micro.

Mistry explains: “When faced with a ransom situation, most organisations simply cannot afford to part with the encrypted data and are forced to fork out the requested amount, often more than once. Caving in to the demands of cyber-extortionists only reassure them of their strategy and perpetuates the threat cycle. That's why companies must adequately protect themselves against ransomware and avoid playing by attacker's terms.”

The survey shows that the average amount of ransom requested in the UK was £540, although 20 percent of companies reported ransoms of more than £1000.

Eighty-nine percent of respondents said there was a time limit on paying the ransom and 57 percent of companies reported having less than 24 hours to pay up, with a national mean of 19 hours.

Organisations affected by ransomware estimate they spent 33 man hours on average fixing the issues caused by the ransomware infection.

When asked about motivations behind a decision to pay the ransom, 37 percent said they were worried about being fined if data was lost. Other reasons included encrypted data being highly confidential (32 percent) and low ransom amount (29 percent).

Separately, 66 percent of companies that refused to pay up said they don't bargain with cyber-criminals as a rule. A further 60 percent claimed they were able to recover the data from backup files, and 26 percent believed the data encrypted wasn't valuable or confidential, and hence was not worth paying for.

When infected by ransomware, 81 percent of companies contacted a law enforcement agency, who were able to assist in about 51 percent of the cases.

“Ransomware has completely dominated the current threat landscape,” added Bharat Mistry. “During the first part of 2016, we blocked and detected almost 80 million ransomware threats and identified 79 new ransomware families – comparing to 29 in the whole of 2015. That's a 179 percent increase. Quite a few of those were built with routines that are designed to attack enterprise machine and endpoints. It's time companies take heed."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.