We recently sponsored a deep-dive study conducted by Osterman Research on the subject of Ransomware, and the results are a stark insight into one of the biggest problems facing both enterprise and home networks at the moment.

Some key UK-centric findings:

  • 40% of businesses worldwide attacked, but Senior UK IT staff suffered the highest number of ransomware attacks (54%)
  • Over half of UK CISOs (58.2%) paid the ransom, the second highest percentage of the international research base
  • The UK had the highest amount of revenue loss worldwide, with 60% saying the attack cost the company financially
  • Possibly the most disturbing result to come out of the research is the fact that 3.5% companies across all the countries fear loss of life in relation to locked up systems.

Only 4% of those who took part said they were very confident in their ability to stop Ransomware, with a sizeable portion weighing in at the 78% “somewhat or fairly confident” mark. 58% of UK companies said they’d paid a ransom to release their files, which isn’t an optimal strategy by any stretch of the imagination. Paying up simply encourages the scammers to keep at it, and handing over money is no guarantee you’ll get the files back anyway.

While most Ransomware authors seem to realise there is a twisted logic in being “honest” (nobody will continue to pay if they don’t get their files back), there are numerous script kiddies out there building utterly broken pieces of Ransomware and it’s not uncommon to see fails fail to decrypt. There is, of course, ultimately no guarantee that they’ll give you a method of decrypting the files anyway – victims are entirely at the Ransomware author’s mercy.

It’s entirely possible that the high incidence of payments to Ransomware authors in the UK coincides with the finding that UK IT managers are the least likely to offer up Ransomware training in the office. Given how prevalent a threat it is, and how 34% of companies globally from the research have lost money, there really is no excuse at this point for not considering basic Ransomware avoidance techniques.

All those fake, zipped invoices and phoney banking expense attachments aren’t going to stop being sent to your network anytime soon, so it’s most definitely a case of better safe than sorry. With Ransomware, there are very few second chances and – as the UK is finding out – it’s taking entire businesses off the grid, with 9% finding every device on the network encrypted.

There’s never been a better moment to brush up on your Ransomware knowledge and protection. Take some time out and learn about the scale of the threat at hand, and then do your best to ensure you don’t join the above 9% in a total network blackout. You’ll be doing your bit for a safer Internet, and annoying Ransomware authors at the same time.

What could be better?

Christopher Boyd