A lot of people have predicted that ransomware will be the big cyber security story in 2017. But not many have realised that fear of ransomware is a problem in itself.
Research from Citrix published today has shown that two in five large UK businesses have fallen victim to con artists who claim, falsely, to have launched a ransomware attack and then demanded a ransom. And such is the fear of ransomware that nearly two thirds of these businesses have paid the ransom demanded for the non-existent attack.
In the research, 500 IT decision makers in large businesses were questioned about sham ransomware attacks. In these attacks scammers claim that extortion software has successfully infected an organisation’s computer system and demand payment to release data; on average businesses are paying out over £13,000 to these tricksters.
The vast majority of companies do consider whether the demand is a bluff; but having considered this, well over half go on to pay the “ransom”.
Ransomware is rightly feared by organisations that have failed to take appropriate precautions in the form of robust back up policies, alongside cyber hygiene processes to keep malware out in the first place. As Chris Mayers, chief security architect at Citrix, puts it: “Cyber criminals are on the lookout for easy wins and are taking advantage of fears around ransomware to make money from ‘bluff’ ransomware attacks. With so many UK businesses falling victim to these scams, learning to distinguish real threats from a false attack can save considerable sums.”
Well that’s true. But the monetary loss from these fake attacks is probably insignificant compared with the management and worker time lost as normal operations are interrupted while security departments try to find and defuse these non-existent attacks. In addition, organisations that discover they have been fooled by a fake attack are likely to be less proactive about defending themselves in the future, leading to potential problems later on.
The solution would seem to be combining robust work processes to respond to attacks with appropriate technology to identify whether threats are real, and isolate them if they are.