Ransomware Hits Over a Quarter of UK Firms

Written by

Over a quarter of UK firms have suffered a ransomware attack over the past year, a major increase on figures from 2016, according to new research released by Databarracks.

The business continuity provider shared data from its upcoming Data Health Check survey, based on interviews with 400 IT decision makers.

It revealed that 28% of UK organizations have been hit by ransomware over the past 12 months. This is slightly lower than the peak of 29% in 2017, the year WannaCry hit, but much higher than the 2016 figure of 16%.

Databarracks managing director, Peter Groucutt, urged firms to formulate effective incident response plans, including recovery from backup.

“A ransomware attack will ultimately leave a business with two decisions: recover your information from a previous backup or pay the ransom. But even if a ransom is paid, it’s not certain your data will be returned. The only way to be fully protected is to have historic backup copies of your data,” he argued.

“When recovering from ransomware, your aims are to minimize both data loss and IT downtime. Outright prevention is not viable, so organizations should focus on organizing their defensive and preventative strategies to reduce the impact of an attack.”

It’s not just the UK that has seen an increase in ransomware attacks of late. In the US, several Florida cities have been hit, with two of them agreeing to pay the hackers hundreds of thousands of dollars to get their data back.

Although ransomware attacks on consumers decreased 33% year-on-year in Q1 2019, those against corporates surged by over 500%, according to Malwarebytes.

“The incident response team must have the authority to make large-scale, operational decisions quickly. This includes being able to take systems offline to prevent the spread of infection,” explained Groucutt.

“Once isolated and contained, you must find when the ransomware installation occurred to be able to restore clean data from before the infection. When the most recent, clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again.”

What’s hot on Infosecurity Magazine?