Warning: Fake Ransomware

 

UK businesses appear to be over-hastily paying up when confronted with what appears to be crypto-ransomware, according to new data released from Citrix.

The firm polled 500 IT decision makers in firms with 250 or more employees and revealed that nearly 40% had experienced a “bluff” ransomware attack, that is a scam in which the black hat claims to have encrypted the victim’s data but in reality is simply using social engineering to force payment.

What’s more, 60% claimed to have paid up on demand, with the average sum a little over £13,400.

It remains unknow exactly how those duped by the “bluff” ransomware attacks were subsequently able to identify that they’d been scammed “because that isn’t a question that we asked them.”

It’s possible that third party experts were able to confirm this after the event: over half (57%) of affected UK businesses shared that information with the police, 59% with organisations like the National Cyber Security Centre, and 45% with cyber-security initiatives like No More Ransom.

Just 24% of affected firms shared this information with customers, partners and suppliers.

“This research leaves a worrying impression that organizations may be treating ransomware as a cost of doing business, just like shrinkage and fraud in some sectors. Yet this mentality may be resulting in British businesses paying out when it is not necessary, while simultaneously supporting cyber-criminal activity,” argued Citrix chief security architect, Chris Mayers.

“Whether they pay the ransom or not, sharing information on the ‘bluff’ attack is key to ensuring that other organisations do not fall victim to the same scam.”

He added that telling the real from the bluff can be technically challenging, especially as cyber-criminals will often try to scare the victim so they don’t try to bypass the warning screen, for example by saying their files will be deleted if they try to reboot.

Infosecurity Magazine

Ransomware- Practical Advice To Protect & Recover Using Free Tools:

 

« 2016 Healthcare Data Breaches
Computer Says No »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

Gospel Technology

Gospel Technology

Gospel presents a totally new way of accessing and controlling data which is enterprise grade scalable, highly resilient, and secure.

Intuity

Intuity

The Intuity suite of services provides companies with a complete awareness of their security status and helps them in an efficient, efficient and sustainable improvement process.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

Hyperproof

Hyperproof

Hyperproof is a cloud-based compliance operations software. Launch new programs immediately, collect evidence automatically, and manage a compliance program intelligently.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

Infinipoint

Infinipoint

Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing Zero Trust device access and enabling enterprises of all sizes to automate cyber hygiene.

VP Techno Labs

VP Techno Labs

VP Techno Labs is an award-winning cybersecurity firm focusing only cybersecurity to develop cutting edge solutions for emerging business.

Kivera

Kivera

Kivera enforces your organisation governance and security policies across cloud deployments preventing misconfigurations turning into attack vectors.

iTRUSTXForce

iTRUSTXForce

iTRUSTXForce is a global provider of DigitalX (cybersecurity, privacy, and digital trust) services. We offer comprehensive services that focus on delivering outcomes for our clients.

X-PHY

X-PHY

X-PHY is a pioneering cybersecurity company dedicated to hardware-based cybersecurity solutions that protect data at its core.

Seasia Infotech

Seasia Infotech

Seasia Infotech is a leader in offering efficient, tailor-made and comprehensive digital transformation services.