According to recent research, ransomware attacks have now targeted almost 40 per cent of UK businesses in the last year alone.
The research, which saw computer security firm Malwarebytes survey more that 500 IT managers in four UK counties, discovered that nearly 40% of UK businesses had experienced some form of ransomware attack, while more than a third had lost revenue as a direct result of the attack.
Modern-day ransomware attacks typically begin with an employee on a business network accidentally clicking a link sent to them (usually via email) by a cyber criminal pretending to be another person. The malware then spreads across any connected computers and encrypts any files that it finds, locking the user out from accessing anything on their hard drives. The only way to decrypt the files, if the attack is not halted in time, is to then pay money to the cyber criminal.
Most troubling of all is that the demanded sums for unlocking files after a successful ransomware attack are often massive. As part of its report, Malwarebytes said one-fifth of the reported ransomware attacks on UK businesses involved sums in excess of $10,000 (£7,500). At the top end of the scale, three per cent of the attacks demanded sums in excess of $50,000 (£37,500).
However, some attacks are much smaller in scale, targeting smaller businesses and individuals with demands in the region of $500 (£375). In most of these smaller-scale cases, the cyber criminals were paid to unlock the encrypted files. Malwarebytes said that half of the ransomware attacks on UK companies ended up with the targeted company giving up and paying the money.
However, James Trainor, the assistant director of the Cyber Division at the FBI, had a stark warning for those companies that experience an attack:
'Paying a ransom doesn’t guarantee an organisation that it will get its data back– we’ve seen cases where organisations never got a decryption key after having paid the ransom.'
Mr Trainor went on to explain the longer term consequences of giving in:
Paying a ransom not only emboldens current cyber criminals to target more organisations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organisation might inadvertently be funding other illicit activity associated with criminals.
For more news, views and reviews on funding and support for UK businesses and the technology sector follow us on Twitter @RBSIF.
Security may be required. Product fees may apply.