Study reveals 82% of organisations choose to pay ransomware demands

A study by security firm ‘Proofpoint’ has revealed that 82 per cent of UK organisations whose systems were infected by ransomware in 2021 opted to pay the ransom.

Despite cybersecurity and government agencies warning against paying, Proofpoint’s ‘2022 State of the Phish’ report states that this UK figure for 2021 is the highest in any region surveyed and is 40 per cent higher than the global average.

Phishing Attacks & Ransomware 

Phishing attacks are one of the main ways that criminals deliver ransomware (and other malware) or direct victims to a site where they download the ramsomware that allows criminals to access their networks. Proofpoint’s report showed that more than three-quarters of organisations (78 per cent) saw email-based ransomware attacks in 2021 and 91 per cent of UK organisations reported facing bulk phishing attacks in 2021. In fact, In the first three quarters of 2021, 15 million phishing messages with malware payloads were linked to later stage ransomware. For example, these malware families included Dridex, The Trick, Emotet, Qbot, and Bazaloader.

Why Not Pay? 

The National Cyber Security Centre (NCSC) states that “even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files” and that “occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as wiper malware.” 

Also, organisations that pay the ransom will still have infected computers, will be paying criminal groups allowing them to continue and bring suffering to others, and it makes organisations that are known to pay to be more likely to be targeted in the future.

What Does The Survey Say Happened To Those Who Paid? 

As the Proofpoint study showed, 60 per cent of organisations chose to at least negotiate with the attackers, and 82 per cent paid.  However, despite advice against paying, only 4 per cent of those organisations who paid a ransom were unable to retrieve their data. This is likely to be either because the key didn’t work properly, or the attackers had simply made off with the money.

Is No Backup A Reason To Pay The Ransom? 

It would seem logical that a lack of an effective back up may be a reason why organisations would pay a ransom. A report by cyber security company Emsisoft (2020), however, showed that some victims of attacks have been capable of restoring their networks from backups but have still opted to pay the ransom.

It should also be noted that one tactic that ransomware attackers often use is to threaten to publish an organisation’s data if the ransom isn’t paid.

Protecting Your Business From Ransomware Attacks 

Ways in which businesses can protect themselves from falling victim to ransomware attacks include:

Educating staff about the risk of phishing emails and emails carrying malware, how to spot phishing/suspicious emails, and to never open emails that appear suspicious. Make regular backups of the most important files, keep them off-site (e.g., the cloud) and make multiple copies of files using different backup solutions. Make sure that the devices containing the backup are not permanently connected to the network, scan backups for malware before files are restored, and regularly patch products used for backup. Stop malicious content reaching company devices – e.g. by filtering to only allow file types you would expect to receive, blocking websites known to be malicious, actively inspecting content, and using signatures to block known malicious code. Prevent attacks via Remote Desktop Protocol (RDP), or unpatched remote access devices by disabling RDP if it’s not needed, enabling MFA at all remote access points into the network, using a VPN, and patching known vulnerabilities in all remote access and external-facing devices. Prevent malware running on devices – e.g. by centrally managing devices to only allow trusted apps and disabling or constraining scripting environments and macros. Plug vulnerabilities in devices – e.g. by installing security updates as soon they are available and enabling automatic updates for operating systems, applications and firmware.

What Does This Mean For Your Business?

Making sure there are strong security measures in place (particularly where email is concerned) and checking data is definitely being backed up securely on a regular basis (and that it is accessible when needed) can help towards effective ransomware protection. Attackers can pressurise businesses into paying (e.g. by threatening to destroy and/or publish data), and an attack may simply come at a bad time for a business where a long disruption could seem less costly than paying.

The fact is, however, that paying may not guarantee the return of data and may make a business more likely to be attacked again because they paid. Ultimately, businesses will, as the stats show, make their own decisions, but by their very nature, attackers can’t be trusted, and paying now could lead to even bigger problems later, and will fuel the continuing cycle of attacks for others too.

About J700 Group Limited

J700 Group are a Lancashire-based, family-run, professional, and responsive, Managed Solutions Provider helping Businesses, the Education Sector, and the Healthcare Sector to utilise Innovative IT Consultancy Services, Cloud Solutions, Cyber Security, Microsoft 365, Telecoms, Web Design and SEO solutions to propel their organisation to the next level and beyond.

As an experienced IT Support Provider, helping businesses across Lancashire & Manchester, if you need any assistance with your IT including IT Hardware, a Disaster Recovery Policy or Managed Backup Solutions; Call us today: 0333 7721 700  to see how we can help your business.

Where to find us: Prinny Mill Business Centre, 68 Blackburn Road, Haslingden, Lancashire, BB4 5HL

Enjoyed this? Read more from J700 Group Limited

Latest news

1

Roundhouse secures approval for new £15m office and industrial scheme in Preston Momentum

Roundhouse secures approval for new £15m office and industrial scheme in Preston

25 Jul 2025

2

Homebuilder's high-performing sales advisers clinch awards Ben Garland and Julia Lorente

Homebuilder's high-performing sales advisers clinch awards

24 Jul 2025

3

Work is set to start on Multiversity project Multiversity Blackpool

Work is set to start on Multiversity project

24 Jul 2025

4

BAE Systems welcomes MOU between Republic of Turkiye and UK for purchase of Typhoon aircraft Typhoon production Warton

BAE Systems welcomes MOU between Republic of Turkiye and UK for purchase of Typhoon aircraft

23 Jul 2025

5

Assystem to double UK jobs to deliver Sizewell C EDF Assystem

Assystem to double UK jobs to deliver Sizewell C

22 Jul 2025

Background image for hub sign up block

LBV Hub

Leverage Lancashire Business View platforms

Post your news
Post your events
Post your offers
Build your network
Improve your SEO
Gain coverage in the magazine
Sign-up
Events
Lancashire Built Environment Conference 2025
BEC 315 X 315 Px
Networking
25 Sep 2025

Lancashire Built Environment Conference 2025

Blackpool Football Club, Blackpool, FY1 6HX

08:30 - 13:00

CMI Level 5 Management and Leadership Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Management and Leadership Course

Preston Campus, Preston , PR1 2HE

09:00 - 17:00

CMI Level 5 Project Management Course
UCLanAerialCampus.jpg.jpg
LBV Hub Seminars
21 Feb 2025 - 21 Feb 2026

CMI Level 5 Project Management Course

Preston Campus, Preston, PR1 2HE

08:00 - 17:00

Preston Tech Connection: Buzz Word Bingo. Challenging Todays's Buzzwords In Tech
July PTC banner long updated.png.png
LBV Hub Networking
29 Jul 2025 - 29 Jul 2025

Preston Tech Connection: Buzz Word Bingo. Challenging Todays's Buzzwords In Tech

Society1, Coworking Space, Preston, PR1 3LT

18:00 - 19:30

Preston Freelancer Meet-Up: July
Longer July Banner.jpg.jpg
LBV Hub Networking
31 Jul 2025 - 31 Jul 2025

Preston Freelancer Meet-Up: July

Society1, Coworking Space, Preston, PR1 3LT

10:00 - 11:30

Advantage: AI – A Workshop for Business Leaders – August 14th
Navy--Event Tile.png.png
LBV Hub Seminars
14 Aug 2025 - 14 Aug 2025

Advantage: AI – A Workshop for Business Leaders – August 14th

Door4 Office, Burnley Wharf, Burnley, BB11 1JG

09:00 - 12:00

The Business Network Central & East Lancashire
LBV Header (24).png.png
LBV Hub Networking
21 Aug 2025 - 21 Aug 2025

The Business Network Central & East Lancashire

Mytton Fold, Langho, BB6 8AB

11:30 - 14:15

Morecambe Bay Walk
Walk.jpg.jpg
LBV Hub Awards
30 Aug 2025 - 30 Aug 2025

Morecambe Bay Walk

Arnside, CARNFORTH, LA5

09:30 - 14:00

Longridge Soap Box Derby
Screenshot 2025-06-10 090035.png.png
LBV Hub Fundraisers
14 Sep 2025 - 14 Sep 2025

Longridge Soap Box Derby

Berry Lane, Longridge, PR3 3WH

10:00 - 16:30

Cumbria Business Expo 2025
https---cdn.evbuc.com-images-880461633-4862066883-1-original.20241022-110415.jpeg.jpg
LBV Hub Exhibitions
19 Sep 2025 - 19 Sep 2025

Cumbria Business Expo 2025

Carlisle Racecourse, Carlisle, CA2 4TS

09:00 - 15:00

Help to grow management course
Help to grow - barriers to growth.png.png
LBV Hub Seminars
26 Sep 2025 - 16 Dec 2025

Help to grow management course

Preston Campus , Preston , PR1 2HE

09:00 - 15:00

RISE - Lancashire's unique leadership programme for women
thumbnail_Emma Weston Illustration WENDY BOWERS RISE Illustrstion.jpg.jpg
LBV Hub Seminars
22 Oct 2025 - 18 Mar 2026

RISE - Lancashire's unique leadership programme for women

East Lancashire Chamber of Commerce, Clayton le Moors, BB5 5JR

09:30 - 15:30

Advertise with us

Reaching 50,000 members, our print, digital and event platforms offer a fantastic way to raise your business profile and help you grow.

Find out more LBV 123 Online Graphic
Subscribe now

Weekly news bulletin