Thousands of British businesses have paid ransoms to Russian hackers who are launching attacks every day and demanding £100,000 to release files.
The “epidemic” of ransomware is the biggest cyber-threat facing the country and it is far more pervasive than the Wannacry attack that paralysed the IT systems of scores of NHS trusts in May. The number of global attacks has hugely increased since 2015, according to a report by Malwarebytes: 'The New Mafia: Gangs and Vigilantes – A Guide to Cybercrime for CEOs'. It reports that Britain was the most affected country per capita this year and the second most targeted country after the US. Researchers estimate that groups linked to Russia created the ransomware used in between 50 percent and 75 percent of attacks.
According to the report there has been a 1,989 percent increase in ransomware detections since 2015, and Malwarebytes also records a 94 percent increase in average monthly ransomware detections since 2016.
The government surveyed 1,500 companies this year, and out of all of those, 300 said that they had been targeted by ransomware, whilst 120 said that a ransom attack caused significant disruption.
According to Malwarebytes, in July 43 percent of businesses paid the ransom for hackers, meaning that up to 180,000 businesses could have paid the amount asked of them. Also, insofar as it can be assessed, it is suggested that businesses in Britain are more likely to pay a ransom than anywhere else in the world.
The cost of attacks to the economy has reached more than £1 billion now due to all the investigation, damages and employee retraining costs. Police said it was impossible to get a handle on the scale of the problem with hacking because most companies will not disclose their breaches in fear of damaging their reputation.
Simon Edwards, Cybersecurity Solution Architect at Trend Micro commented on the issue in an email to SC Media UK: “This recent research confirms what we have known for a while, that ransomware is a major problem in the UK. However direct attribution to a specific Threat Actor (or country) is less reliable, and specific attribution to any cyber-attack is often very complex. Personally, I believe the bigger story of the year concerning ransomware has been the marked drop in the number of new ransomware families and the rise of the ransom worm.
“Here we have seen three major attacks: Wannacry, Non-Petya and Bad Rabbit. These have not necessarily been about extorting money, but more about destruction of the infected PC. The impact of these on the likes of the NHS, Maersk and WPP has been devastating, knocking out hospitals, supply chains and even National Critical Infrastructure, like railways in Germany.
“So yes, classic ransomware which tries to extort money from a user is bad, but equally, better user education can help solve the problem (don't click on links in emails!). But the fact that the worms that caused such devastation in the later 90s and early 2000s are now being combined with ‘wipers' is a much greater cause for concern because they don't rely on user interaction and spread very quickly.”