Ransomware attacks are now a commonplace part of UK business operations, with research finding that 28% of companies have been hit by such an attack in the last 12 months alone.

This is according to research by Databarracks released today ahead of its Data Health Check survey.

The research suggests that rates of ransomware are stabilising. The same research in 2018 found a rate of ransomware attacks of 29%, while in 2017 the rate was just 16%.

The findings come as numerous government institutions, particularly in the US, continue to be the targets of ransomware attacks.

“The wave of attacks in US, combined with our own research, shows how common ransomware attacks have become. It’s important organisations take preparative action,” said Peter Groucutt, managing director of Databarracks.

“There is evidence widely available to show ransomware attacks are not disappearing, so it’s important organisations invest in their defensive and preventative strategies.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

How businesses should handle ransomware attacks

Despite the potential damage data loss as a result of ransomware attacks can cause, advice regarding paying attackers remains the same.

“While some public services have been forced to pay ransoms, we wouldn’t encourage others to follow this example,” said Groucutt.

“Doing so, will not only incite further criminal activity but can lead to further repercussions for organisations and its employees. In some instances, paying a ransom may even be illegal. At best paying the ransom means funding cybercriminals to carry out further attacks and at worst, potentially funding terrorism.”

Instead, businesses should consider themselves at high risk of ransomware attacks, no matter what industry they operate in, and have an a plan of action in place to enact if the worst happens.

“Having a Cyber Incident Response Plan – including recovery from backup – is critical,” he said.

“A ransomware attack will ultimately leave a business with two decisions: recover your information from a previous backup or pay the ransom. But even if a ransom is paid, it’s not certain your data will be returned. The only way to be fully protected is to have historic backup copies of your data.”

Enabling a fast return to business as usual

The core aim of any plan is to ensure that any ransomware attack is effectively dealt with as quickly as possible.

“When recovering from ransomware, your aims are to minimise both data loss and IT downtime. Outright prevention is not viable, so organisations should focus on organising their defensive and preventative strategies to reduce the impact of an attack,” said Groucutt.

Central to this is giving IT departments the authority to handle issues as and when they arise.

“The Incident Response Team or Crisis Management Team must have the authority to make large-scale, operational decisions quickly. This includes being able to take systems offline to prevent the spread of infection,” he said.

“Once isolated and contained, you must find when the ransomware installation occurred to be able to restore clean data from before the infection occurred. When the most recent, clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again.”

Read more: Cryptomining almost ‘extinct’ but business ransomware attacks rocket 500%