santiago silver - Fotolia

One in five businesses hit by ransomware are forced to close, study shows

More than half of UK companies have been hit by ransomware in the past year, a study on the impacts of this popular attack method has revealed

Nearly 40% of businesses were hit by ransomware attacks in the past year, with more than a third of them losing revenue and 20% forced to shut down, a study has revealed.

Nearly 60% of ransomware attacks in the enterprise demanded more than $1,000, according to the State of Ransomware report sponsored by security firm Malwarebytes.

The report, based on a poll of more than 500 IT leaders in the UK, Germany, the US and Canada, revealed that more than 20% of attacks demanded $10,000 or more, and  1% asked for $150,000 or more.

Of the countries surveyed, the UK reported the highest proportion of ransomware attacks, with 54% of the companies polled affected, despite 87.2% of respondents saying they were confident in their ability to stop attacks that encrypt critical files and demand payment to supply the decryption keys.

“Over the past four years, ransomware has evolved into one of the biggest cyber security threats in the wild, with instances of ransomware in exploit kits increasing by 259% in the past five months alone,” said ransomware expert Nathan Scott, technical project manager at Malwarebytes.

“The impact on businesses around the world has been significant, but until now, very few studies have examined the current prevalence and ramifications of actual ransomware incidents in the enterprise,” he added.

Businesses are unprepared for future strains of more sophisticated ransomware, according to the Cisco 2016 Midyear Cybersecurity Report.

Fragile infrastructure, poor network hygiene and slow detection rates are providing ample time and air cover for adversaries to operate, the report said.

Most profitable malware type

So far this year, ransomware has become the most profitable malware type in history, and Cisco researchers expect new modular strains of ransomware to be able to switch tactics quickly to maximise efficiency.

The Malwarebytes study also revealed that 78% of all ransomware was known to come through an endpoint, and nearly half of attacks originated from email.

However, UK respondents had the lowest percentage globally in terms of awareness of which device the ransomware had used to enter the organisation, with 22% saying they had no idea whatsoever. 

Globally, more than 40% of victims paid the ransom demands, but 58.2% of the UK firms polled have paid the ransom, the second-highest percentage in the international research base and 21 times higher than their US counterparts.

UK loses most revenue

As a result, the UK recorded the most revenue lost worldwide, with 60% saying the attack cost the company financially, nearly 10 times more than their US counterparts.  

The UK also reported the highest percentage of ransomware encrypting every single device on the corporate network, with 9% of all organisations suffering total blackout through encryption, compared with no total blackout reported in the US or Germany.

Despite the findings, UK IT managers were also the least likely to put any kind of ransomware training in place.

The study revealed that companies are spending a significant amount of time on remediation, with more than 60% of attacks taking more than nine hours to remediate, and some even taking more than one business day to fix all affected endpoints.

Ransomware attacks are more frequent in certain industries, the study showed, with healthcare and financial services reporting the most attacks globally, both of which were targeted well above the average ransomware penetration rate of 39%.

Loss of life

The study even revealed that some ransomware attacks could result in loss of life, with 3.5% of respondents saying lives were at stake because of the debilitating effects of ransomware.

The most popular way of addressing the problem is not through protection, but by backing up data, according to more than 71% of those polled.

In an attempt to address the threat of ransomware, Malwarebytes has announced anti-ransomware additions to its Malwarebytes Endpoint Security (MBES) platform for endpoint protection.

Current and future users of the MBES platform will have access to signature-less behavioural monitoring technology that detects and blocks known and unknown ransomware, the company said.

“The results from this survey further emphasise that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes.

“Cyber criminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours.”

To stay safe, businesses must invest heavily in employee education and technology, said Kleczynski.

Read more about ransomware

  • Businesses still get caught by ransomware even though straightforward avoidance methods exist.
  • Criminals used devices compromised for click fraud as the first step in a chain of infections leading to ransomware attacks, said security firm Damballa.
  • The first half of 2014 saw an increase in online attacks that lock up user data and hold it to ransom.
  • The Cryptolocker ransomware caught many enterprises off guard, but there is a defence strategy that works.

Andy Buchanan, area vice-president for the UK and Ireland at security firm RES, said the research shows just how big an issue ransomware has become in the UK.

“Some 54% of IT heads say they have been victims of this crime, which is a staggering number, coming hot on the heels of new national crime stats that show that one in 10 people in England and Wales are now victims of cyber crime,” said Buchanan.

Businesses across the UK must become more vigilant and follow certain steps, he said, so that in the event of a cyber attack, they can mitigate it effectively.

Educating staff

“This includes educating staff to the point where they understand threats and don’t fall prey to the phishing emails that quite often launch ransomware attacks,” said Buchanan. “They should also ensure proven technology approaches are used – such as whitelisting, permission-based access, read-only blanketing and revocation of access.” 

Any organisation should always assume it has been infiltrated, said Buchanan, and should carry out penetration tests regularly to identify and patch any vulnerabilities.

“Cyber insurance is fast becoming something every organisation should have,” he added. “Think of the costs of a ransomware attack – legal fees, lawsuits, security – these all add up to a very expensive post-attack cost that no organisation wants to take on – and we haven’t even touched on reputation.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management