Almost half the world's companies victims of ransomware attacks
Ransomware attacks are on the rise globally with 48 per cent of companies admitting they have suffered at least one ransomware attack in the past 12 months.
A survey by endpoint security company Sentinel One revealed the extent and severity of the ransomware problem, which frequently goes unreported as companies fear losing reputation and trust of their clients.
“On average, every company involved in our survey suffered six ransomware attacks over the past year,” said Sentinel One Chief Security Consultant Tony Rowan who led the study, which involved 500 companies from the UK, US, France and Germany.
“In some cases, a company could suffer up to 20 attacks in one year.”
36 per cent of IT professionals queried by the researchers admitted they feel helpless fighting ransomware – a malicious type of software, which encrypts data of the attacked system upon being downloaded most frequently through a phishing scam. The attackers require the victim to pay substantial sums of money in exchange for providing keys to unlock the data again. Conventional antivirus frequently fails to keep the system safe.
Only 54 per cent of the companies said they had informed law enforcement about the attack. It is believed companies would frequently pay the ransom and still not inform the police.
“Perpetrators of these attacks are very difficult to find and prosecute,” said Paul Hoare from the National Cyber Crime Unit. “Most frequently, these attacks are carried out by organised gangs from eastern Europe outside the European Union were there are no extradition treaties in place. If the ransom has been paid, you can follow the money and you have a better chance of finding the attacker. But if you don’t report it, your chances are obviously zero.”
Ransomware is a lucrative business. According to the researchers, it costs a few thousand pounds to build a ransomware campaign which, once up and running, can make over £30,000 a week for the attackers.
“This is the crime of the future,” said Rowan. “Why would you bother burgling a petrol station when you can download a ransomware kit from the internet and have it do all the work for you.”
According to the University College London cyber security researchers Steven Murdoch, attackers are finding more efficient ways to force their victims to pay the ransom. New types of ransomware have been found that don’t only encrypt the victim’s data but also make an online copy. The attacker then threatens to publish the sensitive data to the world if ransom is not paid.
The attackers most frequently target financial data and employee and customer information.