The Channel logo


By | John Leyden 7th September 2016 12:07

When you've paid the ransom but you don't get your data back

Oh, British firms... you're not alone – 1 in 3 pwned firms agree

Almost one in three firms that pay ransom fail to get their data back, according to new research from Trend Micro.

A poll of IT managers at 300 UK businesses sponsored by Trend Micro found that 44 per cent of UK businesses have been infected by ransomware in the last two years.

The study also found that around two-thirds (65 per cent) of UK companies confronted with a ransomware infected end up paying out in the hopes of getting their data back.

The average amount of ransom requested in the UK was £540, although 20 per cent of companies reported ransoms of more than £1,000. The majority – 57 per cent of companies – reported having been given under 24 hours to pay up.

Organisations affected by ransomware estimate they spent 33 person-hours on average fixing the problem.

The ransomware problem is growing. Trend Micro has identified 79 new ransomware families so far this year, compared to 29 in the whole of the 2015.

“When faced with a ransom situation, most organisations simply cannot afford to part with the encrypted data and are forced to fork out the requested amount, often more than once,” said Bharat Mistry, a cybersecurity consultant at Trend Micro. “Caving in to the demands of cyber-extortionists only reassures them of their strategy and perpetuates the threat cycle. That’s why companies must adequately protect themselves against ransomware and avoid playing on the attacker’s terms.”

Quizzed about their motivation behind a decision to pay the ransom, most companies (37 per cent) said they were worried about being fined if data were lost. Other reasons included encrypted data being highly confidential (32 per cent) and an easy-to-pay, low ransom amount (29 per cent).

Separately, the majority (66 per cent) of companies that refused to pay up said they don’t bargain with cybercriminals as a rule. A further 60 per cent claimed they were able to recover the data from back up files, and over a quarter (26 per cent) believed the data encrypted wasn’t valuable or confidential, and hence was not worth paying for. ®

comment icon Read 43 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe