Proofpoint Cybersecurity Study on Ransomware

Proofpoint CyberSecurity study on Ransomware has revealed that 82 per cent of UK organisations whose systems were infected by ransomware in 2021 opted to pay the ransom.

Much Higher Than The Global Average

Despite cybersecurity and government agencies warning against paying, Proofpoint’s ‘2022 State of the Phish’ report states this UK figure in 2021 is the highest in any region surveyed. This is 40 per cent higher than the global average.

Phishing Attacks & Ransomware

Phishing attacks are one of the main ways that criminals deliver ransomware/malware or direct victims to a site where they download the ransomware that allows criminals to access their networks. Proofpoint’s report showed that more than 78 per cent saw email-based ransomware attacks in 2021. Also that 91 per cent of UK organisations reported facing bulk phishing attacks in 2021. In the first three quarters of 2021, 15 million phishing messages with malware payloads were linked to later stage ransomware. For example, these malware families included Dridex, The Trick, Emotet, Qbot, and Bazaloader.

Why Not to Pay?

The National Cyber Security Centre states “even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files” and that “occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as wiper malware.”

Also, those that pay the ransom will still have infected computers, will be paying criminal groups allowing them to continue and bring suffering to others, it makes organisations that are known to pay to be more likely to be targeted again.

What Does The Survey Say Happened To Those Who Paid?

Proofpoint showed, 60 per cent chose to at least negotiate with the attackers, and 82 per cent paid.

Despite advice against paying, only 4 per cent of those who paid a ransom were unable to retrieve their data. This is either the key didn’t work properly, or the attackers simply made off with the money.

Is No Backup A Reason To Pay The Ransom?

It seems logical a lack of an effective back up may be a reason why organisations would pay a ransom.

A report by Emsisoft showed that some victims of attacks have been able of restoring their networks from backups. However have still opted to pay the ransom.

It’s noted that one tactic ransomware attackers use is to threaten to publish an organisation’s data.

Protecting Your Business From Ransomware Attacks

Ways in which businesses can protect themselves from falling victim to ransomware attacks include:

– Educating staff about the risk of phishing emails and emails carrying malware. How to spot phishing/suspicious emails, and to never open emails that appear suspicious.

– Make regular backups of the most important files. Keep them off-site (Use cloud) and make multiple copies of files using different backup solutions.

– Make sure that the devices containing the backup are not permanently connected to the network. Scan backups for malware before files are restored, and regularly patch products used to backup.

– Stop malicious content reaching company devices by filtering to only allow file types you would expect to receive. blocking websites known to be malicious, actively inspecting content, and using signatures to block known malicious code.

– Prevent attacks via (RDP), or unpatched remote access devices by disabling RDP if not needed, enabling MFA at all remote access points into the network, using a VPN, and patching known vulnerabilities in all remote access and external facing devices.

– Prevent malware running on devices – e.g. Managing devices only allow trusted apps and disabling/constraining scripting environments and macros.

– Plug vulnerabilities in devices – e.g. installing security updates and enabling automatic updates for operating systems, applications and firmware.

What Does This Mean For Your Business?

Making sure there are strong security measures in place (where email is concerned) checking data is definitely being backed up securely on a regular basis (and that it is accessible when needed) can help towards effective ransomware protection. Attackers can pressurise businesses into paying by threatening to destroy and/or publish data, and an attack may come at a bad time where a long disruption could seem less costly than paying. The fact is that paying may not guarantee the return of data and may make a business more likely to be attacked again because they paid. Ultimately, businesses will, as the stats show, make their own decisions, but by their very nature, attackers can’t be trusted and paying now could lead to even bigger problems later, and will fuel the continuing cycle of attacks for others too.

How can Evolve Group assist
– Using Multifactor Authentication throughout our entire cloud datacentre and ITaaS offerings we prevent over 90% of these attacks.
– Your data is securely backed up every night
– Why not give us a call for a quick 5 minute demo to show you how these attacks are prevented.

-Proofpoint Cybersecurity Study on Ransomware