One third of UK organisations would pay up for ransomware, finds Computing report

clock • 2 min read

That's a six per cent rise since 2016

WannaCry and NotPetya seem to have made their mark on the UK enterprise, with the latest Computing security research report finding that a massive 31 per cent of organisations are between "quite likely" and "very likely" to pay up to crooks following a ransomware attack.

The information was revealed this morning at Computing's Enterprise Security & Risk Summit in London by Computing Technology Analyst Peter Gothard.

Gothard described this rise in willingness to pay off attacks as "a knock-on the seemingly unstoppable force of cheap and cheerful ransomware" that resulted in the widespread appearance of WannaCry and NotPetya early this year, making a particularly profound effect on the NHS.

"While the [WannaCry] ransomware was pretty unsophisticated in itself, it still managed to affect at least 81 out of 231 health trusts across the UK, either directly or indirectly," he observed.

"The National Audit Office's ensuing investigation revealed, and I quote, ‘an absence of clear guidelines' on how to carry out a plan, which seemed to ensure there'd be another attack based on the same code.

And then we got NotPetya just a little while afterwards - both based on the EternalBlue SMB exploit, and thus both capitalising on versions of the same fault."

As a comparison with 2016, when Computing asked the same question, six per cent more organisations are now willing to pay criminals to be released from a ransomware attack.

"That's may seem a small change," he said, "but if you think about - significant when discussing something this serious. And expensive."

To conclude, Gothard warned that "all indicators say that ransomware, now it's proving lucrative and scary, is not going to abate any time soon" and that while enterprise boards now appear to be sititng up and listening in the face of genuine effects and repercussions, board members still need to "digest the facts" in order to begin adequately funding CISO action against properly protecting organisations.

Click here to download the full report on which the keynote was based.

You may also like
Big Issue subject to latest cybergang attack

Hacking

The hackers claim to have stolen 550GB of confidential information

clock 28 March 2024 • 2 min read
University CIO: 'We were owned in 4 hours'

Threats and Risks

And that certainly focused minds, says Salford University’s Mark Wantling

clock 20 March 2024 • 5 min read
Capita reports £107mn annual losses, blames cyberattack

Finance and Reporting

Capita's share price plummeted 54% since the attack

clock 08 March 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Threats and Risks

UK sanctions China-based hackers

UK sanctions China-based hackers

Attackers were targeting voters and politicians

clock 28 March 2024 • 3 min read
Russian cyber spies target German politicians in sophisticated phishing attack

Russian cyber spies target German politicians in sophisticated phishing attack

Germany's cyber agency BSI warned that state-backed hackers aimed to establish long-term access to German political networks

clock 25 March 2024 • 3 min read
Apple M-series CPU vulnerability enables attackers to purloin cryptographic keys from Macs

Apple M-series CPU vulnerability enables attackers to purloin cryptographic keys from Macs

US researchers find baked-in flaw

Graeme Burton
clock 22 March 2024 • 2 min read