Experts have today warned UK businesses and consumers on what they are calling the Russian ransomware epidemic.
As part of this epidemic, thousands of British businesses are paying ransoms of up to £100,000 to Russian hackers. This latest spate of ransomware attacks facing the UK is far more pervasive than the WannaCry attack that crippled the NHS and other organisations across the world earlier this year.
According to Malwarebytes the number of attacks globally has increased twentyfold since 2015, with Britain being the second most targeted country after the US in 2017.
On top of this, the UK was the worst affected per capita, accounting for 11% of attacks, according to Sophos Labs, a web monitoring company, said. It was estimated that 50-75% of these ransomware attacks originated in Russia. The cost of attacks to the economy is estimated at more than £1 billion.
>See also: Held hostage: the rise of ransomware
Alan Woodward, a cyber expert at the University of Surrey who advises Europol, said: “The UK is bad in terms of attracting ransomware attacks . . . there is a suspicion it’s because people in the UK are more willing to pay.”
A year to forget
This year a government survey confirmed that out of 1,500 UK companies surveyed, 300 had been targeted by ransomware, with 120 revealing that it caused them severe disruption.
Over a quarter of local authorities have been hit by ransomware, according to a freedom of information request.
Malwarebytes have said, based on research, that 43% of companies that have suffered breaches in the year to July paid the ransom. And some banks in London have stockpiled bitcoins to pay ransomware hackers in the event of ransomware attack scenario.
>See also: The ransomware business model
Police sources said it was impossible to get a handle on the scale of the problem since most companies did not disclose breaches because of the fear of damaging their reputation. A senior police officer told The Times that attacks in Britain were “alarmingly under-reported” by companies that did not want to admit vulnerability, hindering efforts to tackle the problem.
Paul Hoare, a cybercrime expert at the National Crime Agency said: “We can’t carry out the analysis needed to prevent these attacks if we don’t have the data to work from,” he said. “Failed attacks often contain vital information and we get virtually no reports of attempted attacks.”
Simon Edwards, cyber security solution architect at Trend Micro, said that this research “confirms what we have known for a while, that ransomware is a major problem in the UK. However direct attribution to a specific Threat Actor (or country) is less reliable, and specific attribution to any cyber attack is often very complex. Personally, I believe the bigger story of the year concerning ransomware has been the marked drop in the number of new ransomware families and the rise of the ransom worm.”
>See also: Downtime is key cost of ransomware attacks
“Here we have seen three major attacks: Wannacry, Non-Petya and Bad Rabbit. These have not necessarily been about extorting money, but more about destruction of the infected PC. The impact to these to the likes of the NHS, Maersk and WPP has been devastating, knocking out hospitals, supply chains and even National Critical Infrastructure, like railways in Germany.”
“So yes, classic ransomware which tries to extort money from a user is bad, but equally, better user education can help solve the problem (don’t click on links in emails!). But the fact that the worms that caused such devastation in the later 90s and early 2000s are now being combined with ‘wipers’ is a much greater cause for concern because they don’t rely on user interaction and spread very quickly.”