July 8, 2019

Ransomware attacks the new normal as 1 in 3 UK businesses hit

By Lucy Ingham

Ransomware attacks are now a commonplace part of UK business operations, with research finding that 28% of companies have been hit by such an attack in the last 12 months alone.

This is according to research by Databarracks released today ahead of its Data Health Check survey.

The research suggests that rates of ransomware are stabilising. The same research in 2018 found a rate of ransomware attacks of 29%, while in 2017 the rate was just 16%.

The findings come as numerous government institutions, particularly in the US, continue to be the targets of ransomware attacks.

“The wave of attacks in US, combined with our own research, shows how common ransomware attacks have become. It’s important organisations take preparative action,” said Peter Groucutt, managing director of Databarracks.

“There is evidence widely available to show ransomware attacks are not disappearing, so it’s important organisations invest in their defensive and preventative strategies.”

How businesses should handle ransomware attacks

Despite the potential damage data loss as a result of ransomware attacks can cause, advice regarding paying attackers remains the same.

“While some public services have been forced to pay ransoms, we wouldn’t encourage others to follow this example,” said Groucutt.

“Doing so, will not only incite further criminal activity but can lead to further repercussions for organisations and its employees. In some instances, paying a ransom may even be illegal. At best paying the ransom means funding cybercriminals to carry out further attacks and at worst, potentially funding terrorism.”

Instead, businesses should consider themselves at high risk of ransomware attacks, no matter what industry they operate in, and have an a plan of action in place to enact if the worst happens.

“Having a Cyber Incident Response Plan – including recovery from backup – is critical,” he said.

“A ransomware attack will ultimately leave a business with two decisions: recover your information from a previous backup or pay the ransom. But even if a ransom is paid, it’s not certain your data will be returned. The only way to be fully protected is to have historic backup copies of your data.”

Enabling a fast return to business as usual

The core aim of any plan is to ensure that any ransomware attack is effectively dealt with as quickly as possible.

“When recovering from ransomware, your aims are to minimise both data loss and IT downtime. Outright prevention is not viable, so organisations should focus on organising their defensive and preventative strategies to reduce the impact of an attack,” said Groucutt.

Central to this is giving IT departments the authority to handle issues as and when they arise.

“The Incident Response Team or Crisis Management Team must have the authority to make large-scale, operational decisions quickly. This includes being able to take systems offline to prevent the spread of infection,” he said.

“Once isolated and contained, you must find when the ransomware installation occurred to be able to restore clean data from before the infection occurred. When the most recent, clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again.”

Read more: Cryptomining almost ‘extinct’ but business ransomware attacks rocket 500%