A recent survey of more than 300 IT decision makers has revealed the extent of UK ransomware infections and provides some interesting insights into the lack of preparedness for attacks.
The aim of the study was to raise awareness of the ransomware threat and show how much of an impact ransomware is having on businesses in the United Kingdom. The threat from ransomware has been widely documented over the course of the past 12 months in line with the increasing number of attacks that are being performed.
However, what was not clear was how many companies had actually experienced ransomware attacks. The Trend Micro survey has revealed that UK ransomware infections are occurring at an unprecedented rate. 44% of the surveyed companies revealed that they had already experienced a ransomware attack, while 27% of companies had been attacked on more than one occasion.
The survey also showed that when ransomware attacks take place they cause considerable disruption. UK companies reported that a third of their employees were impacted by the attacks.
Ransomware is used to lock an organization’s files to prevent data from being accessed. Files are locked with powerful encryption, and while some ransomware variants have been cracked and decryptors released, no decryption tools are available for the most common ransomware variants, Locky for example. If an organization is attacked, there are three options: recover the data from a backup, pay the attackers for the decryption key, or lose the encrypted data forever.
The Federal Bureau of Investigation has advised U.S. companies not to pay the ransom as this only encourages further ransomware activity. However, the survey revealed that when it comes to UK ransomware infections, a majority of companies have paid up to obtain the keys to unlock files. Out of the 44% of companies that had experienced a ransomware attack, 65% paid the ransom. However, even when the ransom is paid there is no guarantee that files can be unlocked. The survey revealed that one in five companies that paid the ransom were still unable to unlock their data.
What is clear from the survey is that paying a ransom is no guarantee of being able to recover data. The best strategy to avoid data loss is to perform regular backups. However, since many ransomware variants delete backup files or encrypt them, one backup copy is not enough. At least two backup copies should be made, with one copy stored off site. The second copy can be stored locally, but it should be on an air-gapped device. Many crypto-ransomware variants are able to encrypt data not only on an infected machine, but also on networked drives and portable storage devices.