Ransomware: The cyber risk businesses can't afford to ignore

The number of ransomware attacks in the UK reported to the Information Commissioner's Office (ICO) more than doubled from 2020 to 2021.¹ And in The Cyber Security Breaches Survey, a research study for UK cyber resilience aligning with the National Cyber Strategy, of the 39% of UK businesses surveyed that identified as being the victim of a cyberattack, around one in five (21%) identified a more sophisticated attack type such as a denial of service, malware, or ransomware.²

This type of cybercrime is one of the most significant and growing cyber threats, with serious economic, security and public safety consequences for the financial sector and the UK economy.

Ransomware explained

What is ransomware?

Ransomware involves cybercriminals encrypting an organisation's files, primarily through phishing emails with malicious attachments or links that take the user to an infected website. The attacker will then demand money to provide access to the files. These attacks are becoming more sophisticated and damaging to businesses needing large amounts of money and time to react, respond and recover.

Phishing emails, fake ads, fake sites and fake texts are all used by criminals to tempt or trick the victims into downloading malware. These increased during the Covid-19 pandemic as test and trace, travel rules, vaccination news and school closures were harnessed as subjects of interest more likely to trick the recipient.

Over the past few years, ransomware has evolved from a tactic used by small groups and individuals to complex, coordinated and highly profitable global operations. Behind the scenes, sophisticated and highly skilled back-end developers are constantly creating new variants to evade anti-virus software.

Financial and operational impact of ransomware

Many businesses cannot operate without access to data, and the financial impact can be devastating. In fact, independent research by Vanson Bourne revealed 40% of UK companies reported an average of five attacks, costing them individually £329,976 per annum. ³ Recovering the data can take time. The average downtime a company experiences after a ransomware attack is 7-21 days.⁴

Ransomware risk to reputation

Customer data or sensitive client information being leaked can have enormous repercussions for businesses. Even if this eventuality doesn't occur, the fact that a business has been breached and threatened in this way is not positive PR. The impact can be very detrimental to a company's reputation.

Should I pay a ransomware payment?

Ransomware is the biggest online threat to UK organisations, and of great concern to the National Cyber Security Centre (NCSC) as is the evidence of a rise in payments to criminals behind these attacks.⁵ Tempting as it may be to pay a ransom to get systems back up and running as quickly as possible, this is never recommended and is not condoned by the UK Government. Firstly, there's no guarantee you'll receive your data, and you may still find your systems are compromised again in future.

The NCSC and the Information Commissioner's Office have called for help from the Law Society after concerns that legal teams were still advising some victims to pay.

Prevention and protection of ransomware

Although most business owners are not cybersecurity experts, there are preventative actions that can be taken to protect against an attack:

Understanding how ransomware works—can at least prepare the business for the cyber risks they face.

Get cybersecurity and ransomware on the business agenda—explore steps that can be taken to prevent an attack or minimise the impact.

Implement strong network and security measures—to prevent an attack and segment networks that stop the spread of an attack.

Keeping all anti-malware software up to date—have a rigorous, routine backup system.

These types of attacks can have a huge impact on organisations and individuals, so understanding the risks and how to protect against them is something businesses of all sizes should be aware of. The UK Government is working with partners to mitigate the threat; in December 2021, the National Cyber Strategy was launched to provide £2.6bn of new investment.⁶

Taking action against ransomware

As we have embraced home and hybrid working, cybersecurity and ransomware threats must remain a priority for businesses of all sizes. The ongoing threat of ransomware is likely to remain for some time. It's vital to be prepared and protected. Consider having cyber insurance in place to protect against data breaches and/or loss of income in the case of an attack. Businesses should also arrange for cybersecurity risk assessments and audits and train and regularly test staff. It's also advisable to thoroughly assess suppliers' security measures.

The NCSC has a number of resources to help you prevent and protect against ransomware. Our UK Risk Hub also has a wealth of tools, assessments and expert insights to help you combat data protection concerns and cybercriminal activity.