Ransomware stats overload risks confusing buyers
UK-based organisations are either more, or less, likely to pay ransoms, depending on which cyber security supplier you want to believe
The cyber security industry is struggling to articulate how organisations should approach the widespread and growing threat posed by ransomware, leaving users at odds over whom to believe and how to respond to a ransomware attack, as two different and conflicting reports produced by suppliers CrowdStrike and Veritas show.
In what may be seen as a sign of precisely how difficult it is to get a handle on the murky cyber criminal underworld, the two suppliers have both released reports detailing end-user attitudes to ransomware and made the headline claims that UK-based organisations are either much less likely, or much more likely, to pay a ransom.
The CrowdStrike study, produced by pollsters at Vanson Bourne, claimed that only 13% of organisations in the UK subjected to a ransomware attack paid the ransom, lower than any other country in its global survey and only half as many as the global average of 27%. However, Veritas claimed that 56% of UK organisations pay ransoms after an attack, a sharp divergence and well above the global average of 31%.
CrowdStrike said that 39% of UK organisations had experienced a ransomware heist in the past 12 months, and that the average ransom paid by those that chose to came in at just under £1m, contrasting sharply with France, where the average payment totalled £560,000, Germany, at £800,000, and Italy, at £300,000.
Its report said that the sharp growth in ransomware was, at least to some extent, linked to the impact of the Covid-19 pandemic, which has given cyber criminals an increased opportunity to take control of compromised networks while IT teams grapple with the deep and long-lasting changes brought about by remote working.
CrowdStrike’s data show that 71% of respondents were more worried about ransomware attacks as a direct result of Covid-19, although this attitude was more pronounced in geographies other than the UK. “The stream of high-profile ransomware attacks on UK businesses in the last 12 months – along with growing vulnerabilities caused by the lingering pandemic and geopolitical tensions – should encourage all businesses to continue to focus on their cyber security,” said Zeki Turedi, EMEA CTO at CrowdStrike.
“In a remote working situation the attack surface has increased many times and security cannot be a secondary business priority. Just as with the spread of the coronavirus in humans, any gap in defences impacts the organisation’s body, and can then lead to compromising partners and customers. Security is not only for the business, it’s for the business’s ecosystem.”
Veritas’s study, conducted by Wakefield Research, identified a correlation between how likely organisations are to make a payment and the complexity of their cloud estates. It said that on a global basis, the mean number of clouds deployed by organisations that paid in full was 14.06, dropping to 12.61 for those who paid part of the ransom and 7.22 for those who resisted their attackers’ demands. Just 20% of organisations operating fewer than five clouds paid in full, compared to 44% of those with over 20.
Its research suggested that the popularity of multi-cloud architectures in the UK was behind the increased number of payments made to ransomware gangs – its data show that 35% of UK organisations use over 20 cloud services, compared to just 16% worldwide.
Organisations operating more cloud instances also took longer to return to business as usual – for 43% of those with fewer than five clouds, recovery times could be under 24 hours, but for those operating over 20, 39% took between five and 10 days to get things back on track. This was also reflected in the data showing UK companies were far less likely to recover quickly from a ransomware attack, with over a third saying it would take more than 10 days to do so.
Ian Wood, Veritas senior director and head of technology for the UK and Ireland, said: “Our research shows that many businesses’ data protection strategies aren’t keeping pace with the levels of complexity they’re introducing and, as a result, they’re feeling the impact of ransomware more acutely.
“Complexity in multi-cloud environments is severely hampering the UK’s ability to cope with ransomware attacks,” he said.