Willing to pay ransomware

APTFilter CERT-LatestNews Malware Security News SocialEngineering ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesHardware

Large British businesses are prepared to pay out to regain access to important intellectual property or business critical data, it’s claimed. Comparisons with 2016 research on the same theme reveal that companies are increasingly willing to pay more as the threat of ransomware rises – with the average amount increasing by 361pc from the £29,544 figure highlighted in last year’s research; to an average of £136,235.44 .

The research – commissioned by networking security product firm Citrix and carried out by One Poll – quizzed 500 IT decision makers in companies with 250 or more employees across the UK on their strategies to defend against ransomware attacks. After a similar 2016 Citrix survey released in June last year, this research offers a snapshot of how UK businesses are continuing to prepare to deal with the threat of ransomware.

The poll also suggested that more UK companies are now building a ready stockpile of digital currency (for example, Bitcoin) in case of a ransomware attack – rising from 33pc in 2016 to 42pc now. Large UK businesses stockpile an average of 23 bitcoins in case they are suddenly hit by an attack. Almost one in three (28pc) keep more than 30 bitcoins on standby – providing them with the equivalent of over £50,000 in cryptocurrency in preparation.

The decision to stockpile digital currency reflects a widespread attitude that paying a ransom may be necessary. Just one fifth (22pc) of businesses are not prepared to pay anything when struck with a ransomware attack – a reduction from 25pc last year. Smaller companies are still more likely to keep a ready supply of cryptocurrency, such as Bitcoin, than larger businesses.

The 2016 research found that one fifth (20pc) of companies with 250 to 500 employees did not have any contingency measures in place in case of a ransomware attack, however this has fallen to just 7pc in 2017.

While many businesses are preparing to block ransomware attacks or pay out if hit, others are missing out on simple cyber hygiene procedures which can limit the impact of a ransomware attack. For instance, over half of large British businesses (55pc) still don’t back data up at least once a day.

Chris Mayers, chief security architect, Citrix, said: “Cybercriminals are resorting to ransomware to exploit the vulnerabilities that exist within British organisations. This is no secret with global attacks hitting the headlines, yet many businesses are still being caught out. Organisations must ensure they’re prepared for the reality of this threat and take action to both safeguard the IT network for an attack and protect mission-critical data.

“Stockpiling a potential ransom may alleviate concerns about ensuring constant access to data but there is no guarantee that data will be returned even when a ransom has been paid. Instead, committing to robust cybersecurity techniques and ensuring specific contingency measures are in place to deal with an attack can reduce the chances of falling prey to ransomware in the first place.”

While one quarter (25pc) of IT decision makers do not feel the government is performing in terms of providing guidance to businesses on avoiding cyber-attacks, this reflects an improvement on last year’s sentiments. Just 12 months ago, nearly one in three (32pc) were less than impressed with the government’s guidance on avoiding cyberattacks. While there is scope for further improvement, the UK government appears to be having an impact as cybercrime reaches the top of the national agenda.

Chris Mayers added: “These findings emphasise the importance of setting robust cyber standards and sticking to them. While more companies are preparing to pay out, many still fail to back data up each day. Organisations should look at dedicated techniques, from encryption to virtualisation, to keep data and apps safe across all devices and desktops – and out of reach of today’s persistent cyber attackers.”