Webroot Survey Reveals up to Half of UK Organisations Have Fallen Prey to Ransomware Attacks

Despite Lessons Learned from WannaCry, Healthcare Organisations Particularly At Risk

LONDON - May 10, 2018

A year after the WannaCry ransomware attack impacted an estimated 200,000 victims and 200,000 computers, new research from Webroot, the Smarter Cybersecurity® company has revealed that organisations across the UK are still struggling to deal with ransomware.

Webroot surveyed over 400 IT decision makers at UK businesses and found that 45 per cent of those surveyed had suffered a ransomware attack, with nearly a quarter (23 per cent) actually paying the ransom. Despite this finding, 88 percent of organisations feel better equipped to deal with an attack following WannaCry, suggesting a sense of false confidence.

This sentiment is magnified in the healthcare industry, where organisations are more prone to attack than other industries surveyed. Over half of healthcare companies polled (52 per cent) suffered an attack. Despite this, 98 per cent of respondents in the healthcare sector feel better equipped to deal with a ransomware attack than a year ago.  

While the WannaCry ransomware campaign may have had its chaotic focal point in May of 2017, Webroot data shows this strain of ransomware remains a serious threat today. In the past year, Webroot has detected more than 12,000 unique WannaCry executables, most only seen on one machine, pointing to polymorphic malware. Despite WannaCry being more than a year old, criminals are still exploiting it, with Webroot detecting over 500 new variants each month.

Research Highlights:

  • 45 per cent of organisations surveyed have suffered a successful ransomware attack, a number that rises to 52 per cent of organisations in the healthcare sector.
  • 14 per cent of these organisations have fallen victim to ransomware several times. In the healthcare sector, multiple attacks hit over one in four (26 per cent) of organisations.
  • When the infection spread, the IT department was the first entry point (47 per cent), followed by the finance department (21 per cent).
  • Organisations are pessimistic about ransomware, with 69 per cent expecting to fall victim to this type of attack in future.
  • Of those hit by ransomware, nearly a quarter (23 per cent) actually paid the ransom, suggesting that they had no feasible recovery plan alternative.
  • Of those sampled, 56 per cent would consider paying the ransom if under attack. The healthcare sector is more cautious, with 34 per cent holding this view.
  • 5 per cent have stocked Bitcoin to pay a ransom, rising to 8 per cent in the healthcare sector.
  • 88 per cent of organizations and 98 per cent of healthcare organizations polled feel better equipped to defend against cyberattack since WannaCry.
  • Risk mitigation and recovery processes are overlooked by high proportions of respondents:
    • 36 per cent don’t have a regular back-up system (32 per cent in healthcare)
    • 40 per cent haven’t invested any more money in defences since 2017 (34 per cent in healthcare)
    • 46 per cent haven’t held staff training on ransomware (42 per cent in healthcare)
    • 59 per cent haven’t held IT crisis drills (58 per cent in healthcare)

Key Quotes:

David Kennerley, Director of Threat Research, Webroot

“The WannaCry attack of 2017 made global headlines and severely impacted organisations everywhere – most notably the NHS in the UK. Across all sectors it’s clear that awareness of ransomware as a threat has increased since the attack. However, organisations still aren’t investing the necessary time and resources in risk mitigation and recovery processes, leaving them with limited options in case of a successful attack. The healthcare industry in particular needs to be very aware of the fact that it is a high profile target, with valuable data at stake, and take special care to ensure that defences are in place.”

Tips for Businesses:

  • Create reliable backups – Having a regular reliable backup process is critical to defeating ransomware. Backups need to be air-gapped and not accessible from the network.
  • Get patching – Make sure operating systems and third party software is kept up to date.
  • Raise awareness – Organizations that invest in Security Awareness Training with phishing simulation tools are less likely to suffer from attacks than those who don’t invest in employee education.
  • Protect all attack vectors – Research, purchase, deploy, test, monitor, and maintain all security systems across all attack vectors.
  • Plan ahead – Organisations need to create detailed disaster recovery plans and conduct dry-run testing to improve plan efficacy.
  • Understand your data – Categorise mission critical data versus lower-priority data. Businesses may wish to create a more frequent backup schedule for crucial business data.
  • Secure Remote Desktop Access- Create strong usernames and passwords, restrict RDP to a whitelisted IP, and require two-factor authentication.
  • Avoid paying the ransom if possible – Even if ransomware lands on your system, paying the ransom does not guarantee a cybercriminal will actually return the files. Some common ransomware might have publicly available decryption keys. Work with your antivirus or internet service provider for help. 

Research Methodology

This research was conducted by Censuswide on behalf of Webroot. Respondents were 430 IT decision makers at UK-based businesses. The full report can be found here.

About Webroot

Webroot was the first to harness the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We provide the number one security solution for managed service providers and small businesses, who rely on Webroot for endpoint protection, network protection, and security awareness training. Webroot BrightCloud® Threat Intelligence Services are used by market leading companies like Cisco, F5 Networks, Citrix, Aruba, Palo Alto Networks, A10 Networks, and more. Leveraging the power of machine learning to protect millions of businesses and individuals, Webroot secures the connected world. Headquartered in Colorado, Webroot operates globally across North America, Europe, and Asia. Discover Smarter Cybersecurity® solutions at webroot.com.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.