Study reveals 82% of organisations choose to pay ransomware demands

A study by security firm ‘Proofpoint’ has revealed that 82 per cent of UK organisations whose systems were infected by ransomware in 2021 opted to pay the ransom.

Despite cybersecurity and government agencies warning against paying, Proofpoint’s ‘2022 State of the Phish’ report states that this UK figure for 2021 is the highest in any region surveyed and is 40 per cent higher than the global average.

Phishing Attacks & Ransomware 

Phishing attacks are one of the main ways that criminals deliver ransomware (and other malware) or direct victims to a site where they download the ramsomware that allows criminals to access their networks. Proofpoint’s report showed that more than three-quarters of organisations (78 per cent) saw email-based ransomware attacks in 2021 and 91 per cent of UK organisations reported facing bulk phishing attacks in 2021. In fact, In the first three quarters of 2021, 15 million phishing messages with malware payloads were linked to later stage ransomware. For example, these malware families included Dridex, The Trick, Emotet, Qbot, and Bazaloader.

Why Not Pay? 

The National Cyber Security Centre (NCSC) states that “even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files” and that “occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as wiper malware.” 

Also, organisations that pay the ransom will still have infected computers, will be paying criminal groups allowing them to continue and bring suffering to others, and it makes organisations that are known to pay to be more likely to be targeted in the future.

What Does The Survey Say Happened To Those Who Paid? 

As the Proofpoint study showed, 60 per cent of organisations chose to at least negotiate with the attackers, and 82 per cent paid.  However, despite advice against paying, only 4 per cent of those organisations who paid a ransom were unable to retrieve their data. This is likely to be either because the key didn’t work properly, or the attackers had simply made off with the money.

Is No Backup A Reason To Pay The Ransom? 

It would seem logical that a lack of an effective back up may be a reason why organisations would pay a ransom. A report by cyber security company Emsisoft (2020), however, showed that some victims of attacks have been capable of restoring their networks from backups but have still opted to pay the ransom.

It should also be noted that one tactic that ransomware attackers often use is to threaten to publish an organisation’s data if the ransom isn’t paid.

Protecting Your Business From Ransomware Attacks 

Ways in which businesses can protect themselves from falling victim to ransomware attacks include:

Educating staff about the risk of phishing emails and emails carrying malware, how to spot phishing/suspicious emails, and to never open emails that appear suspicious. Make regular backups of the most important files, keep them off-site (e.g., the cloud) and make multiple copies of files using different backup solutions. Make sure that the devices containing the backup are not permanently connected to the network, scan backups for malware before files are restored, and regularly patch products used for backup. Stop malicious content reaching company devices – e.g. by filtering to only allow file types you would expect to receive, blocking websites known to be malicious, actively inspecting content, and using signatures to block known malicious code. Prevent attacks via Remote Desktop Protocol (RDP), or unpatched remote access devices by disabling RDP if it’s not needed, enabling MFA at all remote access points into the network, using a VPN, and patching known vulnerabilities in all remote access and external-facing devices. Prevent malware running on devices – e.g. by centrally managing devices to only allow trusted apps and disabling or constraining scripting environments and macros. Plug vulnerabilities in devices – e.g. by installing security updates as soon they are available and enabling automatic updates for operating systems, applications and firmware.

What Does This Mean For Your Business?

Making sure there are strong security measures in place (particularly where email is concerned) and checking data is definitely being backed up securely on a regular basis (and that it is accessible when needed) can help towards effective ransomware protection. Attackers can pressurise businesses into paying (e.g. by threatening to destroy and/or publish data), and an attack may simply come at a bad time for a business where a long disruption could seem less costly than paying.

The fact is, however, that paying may not guarantee the return of data and may make a business more likely to be attacked again because they paid. Ultimately, businesses will, as the stats show, make their own decisions, but by their very nature, attackers can’t be trusted, and paying now could lead to even bigger problems later, and will fuel the continuing cycle of attacks for others too.

About J700 Group Limited

J700 Group are a Lancashire-based, family-run, professional, and responsive, Managed Solutions Provider helping Businesses, the Education Sector, and the Healthcare Sector to utilise Innovative IT Consultancy Services, Cloud Solutions, Cyber Security, Microsoft 365, Telecoms, Web Design and SEO solutions to propel their organisation to the next level and beyond.

As an experienced IT Support Provider, helping businesses across Lancashire & Manchester, if you need any assistance with your IT including IT Hardware, a Disaster Recovery Policy or Managed Backup Solutions; Call us today: 0333 7721 700  to see how we can help your business.

Where to find us: Prinny Mill Business Centre, 68 Blackburn Road, Haslingden, Lancashire, BB4 5HL

Enjoyed this? Read more from J700 Group Limited

Latest news

1

Construction begins on new Civil Service office building in Talbot Gateway Alan McBride Muse Will Town Defence Infrastructure Organisation Jennifer Chard Defence Business Services Cllr Lynn Williams Blackpool Council Garry Bowker Vinci

Construction begins on new Civil Service office building in Talbot Gateway

20 May 2025

2

Skiddle raises over £750,000 for charities Skiddle cheque presentation to Alder Hey Hospital

Skiddle raises over £750,000 for charities

20 May 2025

3

Former Victorian Hotel approved for residential conversion The site

Former Victorian Hotel approved for residential conversion

19 May 2025

4

REVOLUTION PARK: Work starts on Darwen’s new home of advanced manufacturing Oliver Webber, Tracy Clavell-Bate and Tim Webber from Barnfield Group with Cllr Phil Riley, second from right, Leader of Blackburn with Darwen Council

REVOLUTION PARK: Work starts on Darwen’s new home of advanced manufacturing

19 May 2025

5

Two Cuckoo Gins named winners in The Gin Guide Awards 2025 Mark Long

Two Cuckoo Gins named winners in The Gin Guide Awards 2025

19 May 2025

Background image for hub sign up block

LBV Hub

Leverage Lancashire Business View platforms

Post your news
Post your events
Post your offers
Build your network
Improve your SEO
Gain coverage in the magazine
Sign-up
Events
LBV122 May/June Launch Event
121 Lancashire Business View Magazine Launch
Networking
21 May 2025

LBV122 May/June Launch Event

Lancaster and Morecambe College, Lancaster, LA1 2TY

08:30 - 10:30

Sub36 Networking
Networking
11 Jun 2025

Sub36 Networking

British Jewellery School, Scorton, PR3 1BA

15:00 - 17:00

Lancashire Net Zero Carbon Conference
Net Zero Carbon Social 1200pxtrident 2
Networking
18 Jun 2025

Lancashire Net Zero Carbon Conference

Crow Wood Hotel & Spa Resort, Burnley, BB12 0RT

08:30 - 13:00

Lancashire Built Environment Conference 2025
BEC 315 X 315 Px
Networking
25 Sep 2025

Lancashire Built Environment Conference 2025

Blackpool Football Club, Blackpool, FY1 6HX

08:30 - 13:00

CMI Level 5 Management and Leadership Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Management and Leadership Course

Preston Campus, Preston , PR1 2HE

09:00 - 17:00

CMI Level 5 Project Management Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Project Management Course

Preston Campus, Preston, PR1 2HE

08:00 - 17:00

RISE - The Academy for Female Leaders and Managers
WENDY BOWERS RISE Illustrstion copy.jpg.jpg
LBV Hub Seminars
02 Apr 2025 - 08 Oct 2025

RISE - The Academy for Female Leaders and Managers

East Lancashire Chamber of Commerce, Clayton le Moors, BB5 5JR

09:00 - 15:30

The Business Network Central & East Lancashire
LBV Hub Networking
22 May 2025 - 22 May 2025

The Business Network Central & East Lancashire

Mytton Fold, Langho, BB6 8AB

11:30 - 14:15

Preston Freelancer Meet-Up: May
Freelancer Meet-Up May.png.png
LBV Hub Networking
22 May 2025 - 22 May 2025

Preston Freelancer Meet-Up: May

society1, Coworking Space, Preston, PR1 3LT

10:00 - 11:30

Amber River True Bearing quarterly investment seminar
LBV Hub Seminars
22 May 2025 - 22 May 2025

Amber River True Bearing quarterly investment seminar

Cottons Hotel & Spa , Knutsford, WA16 0SU

16:00 - 18:00

Liverpool Business Expo 2025
https---cdn.evbuc.com-images-881365363-4862066883-1-original.20241023-085714.jpeg.jpg
LBV Hub Awards
23 May 2025 - 23 May 2025

Liverpool Business Expo 2025

Aintree Racecourse , Liverpool , L9 5AS

09:00 - 15:00

Advantage: AI – A Workshop for Business Leaders – May 29
Artboard 15.png.png
LBV Hub Seminars
29 May 2025 - 29 May 2025

Advantage: AI – A Workshop for Business Leaders – May 29

Door4 Office, Burnley Wharf, Manchester Road, Burnley, BB11 1JG

09:00 - 11:00

Advertise with us

Reaching 50,000 members, our print, digital and event platforms offer a fantastic way to raise your business profile and help you grow.

Find out more LBV122 Online Graphic
Subscribe now

Weekly news bulletin