Naerly two in five (39 per cent) large UK businesses have fallen victim to a ‘bluff’ ransomware attack, with almost two thirds (61 per cent) of those organisations paying out a ransom as a result. That’s according to research commissioned by Citrix and carried out by One Poll. It asked 500 IT decision makers in companies with 250 or more employees across the UK on ‘bluff’ ransomware attacks.
This refers to a criminal falsely stating that malicious software has blocked access to an organisation’s computer system or data but still demanding a sum of money to return access to the data. The research also considered the extent to which ransoms are being paid by British businesses as a result of these incidents and whether – and with whom – affected businesses are sharing this information.
The research suggested that UK businesses hit with a ‘bluff’ ransomware attack are paying the cyber criminals responsible for the incident an average of £13,412.29. While almost two thirds of large British businesses have paid out between £10,000-25,000 following this type of scam, one in 20 (6 per cent) ended up paying over £25,000 as a result of these faked ransomware campaigns.
The poll also found that almost half (42 per cent) of large British businesses have experienced a cyber-criminal claiming to have successfully launched a ransomware attack against their company system – and demanding payment. When faced with this situation, the majority (93 per cent) have considered whether it might be a ‘bluff’. Despite so many companies considering this possibility, just 37 per cent of affected organisations avoided ‘falling for the bluff’ and chose not to pay out a ransom.
Chris Mayers, chief security architect, Citrix, said: “Cyber criminals on the lookout for easy wins and lucrative targets are taking advantage of fears around ransomware to make money from ‘bluff’ ransomware attacks. With so many UK businesses falling victim to these scams, learning to distinguish real threats from a false attack can save considerable sums.
“Organisations can pinpoint a real attack and completely eradicate it with the correct technical expertise – but this expertise is in short supply. Good cyber hygiene, on the other hand, is readily available. By committing to the most robust cybersecurity techniques, companies can lessen the chances of falling prey to a real ransomware attack or creating any vulnerabilities which could lead them to believe their system has been hacked by cyber-attackers when it has not.”
With an increased focus on sharing threat intelligence across the security sector, the vast majority of affected businesses did share information on ‘bluff’ ransomware attacks. Over half of large UK businesses shared that information with police forces (57 per cent) and cybersecurity organisations, such as the National Cyber Security Centre (59 per cent). Cybersecurity initiatives, such as No More Ransom, were also a key sharing avenue with 45 per cent of affected businesses sharing information with these groups. Yet, surprisingly, less than a quarter (24 per cent) of affected UK businesses shared that information with stakeholders, such as customers, partners and suppliers.
Chris Mayers added: “This research leaves a worrying impression that organisations may be treating ransomware as a cost of doing business – just like shrinkage and fraud in some sectors. Yet this mentality may be resulting in British businesses paying out when it is not necessary, while simultaneously supporting cybercriminal activity.
“Businesses faced with a ransom demand are forced into a difficult position. If the attack is real, paying up does not guarantee that the cyber thieves will return access to company data. Yet affected companies may not feel they have the luxury of hoping the attack is not real and refusing to pay the ransom. Whether they pay the ransom or not, sharing information on the ‘bluff’ attack is key to ensuring that other organisations do not fall victim to the same scam.”
