The number of ransomware attacks has been growing rapidly since 2015. In 2016, the occurrence of ransomware attacks nearly doubled, showing a 172% increase in the first half of 2016 compared to the whole of 2015.
Ransomware is a form of cyber security attack where malware is installed on your device and encrypts your data. You are then prevented from accessing your data until you pay a ransom. In 2016, a hospital in Los Angeles was crippled by such an attack having to resort to paper methods, delaying treatment and putting lives at risk. They eventually paid out $17,000 to the cybercriminal behind the attack.
It’s not just losing money to cybercriminals that is the risk for businesses that suffer a ransomware attack. Due to pending changes in legislation, from 2018 UK businesses will be liable to pay a fine to the Information Commissioner’s Office of up to €20 million euros or 4% of their annual global turnover if they suffer a data breach, as well as informing any individual whose data has been compromised such as clients or suppliers.
‘Research has shown that 76% of UK adults don’t know what ransomware is, this needs to change for the sake of our data, finances and reputations. There is far too much at stake to not put safety measures in place to combat against this massive risk to our businesses,’ said Chris Roche, Managing Director of local IT Company ACUTEC.
According to research made available to ACUTEC, 58% of UK companies pay ransom demands when subject to these attacks and 60% of attacks demand ransoms of over a $1000, 20% of $10,000. The research also highlights that a staggering 32% of UK companies lost essential files and data after refusing to pay while 34% lost revenue as a direct result of an attack. The impact that ransomware can have on a business can be unimaginable.
Urfaan Azhar, Operations Manager at ACUTEC commented: ‘Businesses cannot continue to ignore this problem, it is not going to go away. We need to ensure that every business in the UK has an appropriate disaster recovery plan in place to ensure that when it does happen, because it is a case of when not if, the issue has the smallest possible impact on the business.’
Businesses that are concerned about ransomware are urged to take action and ensure that they are making the appropriate steps to protect their assets from this cyber threat. First steps should be to ensure that staff are aware of the issue and know what to look out for to ensure that an attack can be avoided at all costs.