Ransomware: What would you do? One in three infected organisations pay hackers to get data back

Pay up, lose your data or try to recover the files yourself?
Written by Danny Palmer, Senior Writer

Ransomware has become one of the most notorious threats on the web.

Image: iStock

No wonder ransomware has become one of the biggest menaces on the web; a third of organisations across the globe which became infected by the file-encrypting malware in the past 12 months gave into the demands of hackers in order to regain access to their locked data.

With attacks of this kind being simpler than ever to carry out thanks to the availability of ransomware-as-a-service schemes on the dark web, more and more organisations are finding themselves being attacked in this way.

Figures in CyberEdge Group's newly released 2017 Cyberthreat Defence Report suggest that 61 percent of all organisations in the world fell victim to a ransomware attack during 2016.

Of those, over half managed to recover their data without giving into ransom demands, while a third paid cybercriminals to regain access to encrypted files - although you cannot never trust cybercriminals to keep their word. A further 13 percent of organisations opted not to give into ransom demands and lost their data.

Losing data is the most common worrying among affected organisations, with 38 percent of respondents citing it as their biggest reason for fearing ransomware, while 27 percent fear the loss of productivity. Reputation damage, recovery costs and lost revenue are also cited as key fears of ransomware.

According to those responding to CyberEdge's research - which surveyed 1,100 IT security decision makers across the globe - it's low security awareness among employees which is the biggest factor leaving businesses vulnerable to ransomware and other cyberattacks.

After all, an organisation could have the best cyber defences in the world, but all it takes is for one employee accidentally opening an attachments which contains malicious content.

One in five respondents also laid blame at the door of Microsoft, claiming that the likes of Office 365 doesn't offer adequate cybersecurity measures - that's despite the firm providing administrators with the opportunity to disable Macros, one of the main exploits used to deliver ransomware.

Not even governments are safe from this ongoing epidemic, and cybersecurity researchers at Palo Alto Networks' Unit 42 have uncovered a new form of ransomware specifically built to target Middle Eastern governments in an effort to making specific political statements.


RanRan ransomware note.

Image: Palo Alto Networks

However, researchers note the cipher doesn't delete the original versions of encrypted files, using publicly available code to carry out the actions, meaning that those behind RanRan are unlikely to be unsophisticated actors.

It does however represent a new development for ransomware, which rather than just being pushed for financial gain, is also now being used to engage in hacktivism.

Nonetheless, money remains the most significant driver for ransomware - which those pushing it making a combined $1 billion during last year alone.


Editorial standards