Boom in ransomware targeting the UK

Massive increase in ransomware fuelled by CISOs paying up, according to Malwarebytes

Ransomware has become the biggest 'business' for malicious hackers, with organisations in the UK among the hardest hit - partly fuelled by chief information security officers (CISOs) preferring to pay up if the IT they are responsible for is affected.

That is the conclusion of new research from anti-malware software supplier Malwarebytes, which surveyed 540 CIOs, CISOs and IT at organisations in the UK, US, Germany and Canada. It found that 40 per cent of organisations had been affected by ransomware, with one-third admitting to having suffered lost revenues as a result.

The majority of ransomware attacks come via a single end-point, and almost half infiltrate the organisation via emails bearing malicious payloads.

Furthermore, hackers are clearly doing well from ransomware, with 40 per cent of all organisations admitting that they have paid the ransom in order to get their data back.

According to Malwarebytes, 60 per cent of attacks demanded $1,000 to get data unlocked, while one-fifth demanded more than $10,000. One per cent even asked for more than $100,000.

From a UK perspective the picture is particularly bad, with 54 per cent of senior IT staff saying they had been affected by ransomware, despite 87 per cent saying they thought they had the defences in place to stop such attacks.

Even more worrying is that UK companies lost the most in revenue of all nations to ransomware, up to 21 times higher than US companies. This may have something to do with the fact that UK IT staff are the second most likely to pay ransoms to crooks if business machines and data become inaccessible.

This may be because nine per cent of UK organisations that said they had been hit by ransomware admitted their entire end-point estate was infected, leaving them effectively unable to operate.

Despite all this, the UK had the lowest levels of ransomware training for staff.

Marcin Kleczynski, chief executive of Malwarebytes, said the data underlined just how bad the ransomware epidemic is becoming.

"Cybercriminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours."

The findings from Malwarebytes come just a week after Europol, with help from Kaspersky and Intel Security, announced the start of a fightback against ransomware, with a new online portal designed to flag up the risks it poses.

It even includes thousands of decryption keys to try and help victims of ransomware unlock their machines without having to pay up to the criminals.

Research by Computing, in conjunction with Intel, carried out in 2015 had given some indication that ransomware was on the rise, when 55 per cent of organisations said they had put security measures in place to combat the threat.
