IT disaster recovery, cloud computing and information security news

Paying the ransom is still the most common response to a ransomware attack

Research from Databarracks reveals that 44 percent of UK organizations that suffered a ransomware attack, paid the ransom. 34 percent recovered from backups, while 22 percent used ransomware decryption tools.

The findings come from the Databarracks 2022 Data Health Check. Running since 2008, the annual report surveys over 400 IT decision-makers in the UK on ransomware, cyber, backup, disaster recovery and business continuity.

Managing Director of Databarracks, James Watts commented:

“From the perspective of the victim, it’s understandable why you might pay a ransom. You can’t service customers, you can’t take orders and losses quickly accumulate. The costs of downtime can quickly exceed the ransom.

“Organizations might think that by paying the ransom it resolves the problem more quickly so they can get back to business as usual. There are several reasons why this approach is flawed.

“Firstly, there’s no guarantee that you will get your data back. Secondly, it’s quite common for organizations to be attacked again once criminals know they are an easy target. Lastly, it sends the wrong message. By paying, you are indirectly encouraging the criminals, showing their tactics work.

“With the right preparation and guidance however, you can recover your data, and never have to pay the ransom.
“Patch and update systems regularly, train staff on spotting phishing emails, and maintain the principle of least privilege.

“Immutable storage and physical or logical air-gaps will protect backups from also being changed or encrypted. If you do suffer an attack, your backups are your last line of defence.

“When you need to recover, identify your most recent, clean recovery point and carry out isolated, sandbox recoveries. Check to make sure no further ransomware is present before starting the full restoration. Lastly, test your disaster recovery plan so know the process and you are confident you can recover quickly and effectively.

“This year’s survey also showed a growing number of organizations have a policy for whether they would pay out on a ransomware attack. 68 percent of organizations had a policy in place, up from 54 percent last year. The data demonstrates an increasing awareness and better preparation for ransomware attacks.”

Obtain the report.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.