
Only 38% of businesses believe they will recover from a ransomware attack

There is no denying it – ransomware has become a significant threat for many companies and computer users.

Millions of dollars are being made each and every month by the online criminals launching ransomware attacks, bombarding users via poisoned email attachments and malicious website ads.

And Bitdefender’s prediction that ransomware would spread to operating systems other than Windows and Android in 2016 appears to be coming true.

Now a new study by security firm Tripwire suggests that a worryingly small number of companies believe that they would be able to fully recover from a ransomware infection.

The company asked 200 security professionals attending the RSA 2016 conference in San Francisco about how confident they would feel that they could recover after losing critical data following a ransomware infection.


Only 38% of the businesses questioned said that they were “very confident” that they could fully recover after such an attack. 49% said that they would be “somewhat confident”, and a worrying 13% admitted that they were not confident at all that recovery would be possible.

With the current spate of ransomware attacks, that’s a frightening statistic. And it suggests that many companies are not following the best practice steps required to reduce the chances of infection, and increase the likelihood of successful recovery if ransomware does manage to attack their systems.

The implication of this study is that more businesses and organisations might find themselves making the hard-to-swallow decision to actually pay the extortionists who infected their systems and encrypted their data, rather than simply recover lost data from a secure backup.

I’m sure nobody likes the idea of online criminals making millions out of ransomware attacks, extorting huge amounts of money from poorly-prepared individuals and companies. If you don’t want your company to be the next ransomware casualty, find out the simple ways to reduce the threat and make it your mission today to start taking secure, easy-to-restore backups of your company’s critical data.

Because the advice of “just pay the ransom” leaves all of us who use the internet at greater risk of future attacks.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


  • There is absolutely no excuse for any corporation to be only somewhat confident or not confident here. There has never been a time when backups (and secured backups, and even redundant ones) weren’t a good idea, and there never will be. Yet only 38% of businesses believe they will recover? It shouldn’t even be ‘believe’; they should know they will.

    And then there is the FBI. I do remember that they have suggested paying (sort of like them paying others to do their other deeds by participating in the exploit black market) and that’s hardly surprising but it’s still a bloody disgrace. And they wonder why they’re so unprepared. That governments (in any part of the world) participate in malware campaigns, buy exploits (including 0-days), and break into computer networks is not only exceedingly hypocritical (and arrogant) but also shows extreme stupidity (even for governments). Maybe it also shows why they’re unprepared (rely on others to do their work). If it wasn’t for the fact that governments keep track of people around the world or the innocent (however low a percentage?) workers of said organisations, I’d say good – serves them right. It still does serve them right when it affects them alone (which is to say it doesn’t affect the nation or anyone but themselves even indirectly) but there is no excuse for whining about what they do themselves and there is no excuse for not caring about the things they are supposed to be doing (and not only lie about their other doings but also lie about why they do those other things e.g. breaking into computer networks, spying on civilians etc.). Ironic (and perhaps amusing), isn’t it (as the BBC reported a while back), that the county council for Lincolnshire recovered from a ransomware attack … but yet major intelligence agencies can’t.

  • This figure itself shows how lethal this ransomware has become. I was reading a news item a couple of days back where an entire hospital had to pay up the ransom only because a staff member opened a ransomware email. After reading this news here, frankly speaking I’m not at all surprised. I still remember the threat posed by the ransomware named Cryptolocker, which assumed notoriety 2-3 years back. I personally know many businesses that suffered a lot due to Cryptolocker. As many businesses (as the survey shows) believe they can’t recover fully once hit by ransomware, I believe there’s a necessity of a campaign to thwart such apprehension. Some of the precautions a business can undertake for protecting against ransomware are –
    #1 Take regular backups.
    #2 Avoid any kind of .exe file. If required, check the extension of a file before downloading. .exe files are the most common sources through which ransomware makes its way into your system. Always filter .exe files in emails.
    #3 Disable files from running from LocalAppData or AppData folders.
    #4 Remote Desktop Protocol should be disabled.
    #5 Always use a reputable security suite.
    Try these 5 basic precautions and you may experience the difference.
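Precautions #2 to #4 in the comment above can be audited on a Windows machine without changing anything; the following PowerShell is an added example, not code from the article or the commenter. It assumes the standard registry locations for Remote Desktop (fDenyTSConnections) and Software Restriction Policy path rules, and only reports what it finds.

```powershell
# Added example: read-only audit of the AppData execution block, RDP state and
# executables present under AppData. Run in an elevated PowerShell session.

function Test-RdpDisabled {
    # Precaution #4: fDenyTSConnections = 1 means Remote Desktop connections are refused
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $val = (Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    return ($val -eq 1)
}

function Get-SrpDisallowedPaths {
    # Precaution #3: Software Restriction Policy path rules at the "Disallowed" level
    # live under the level subkey 0; each rule's path is stored in ItemData.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
    if (-not (Test-Path $base)) { return @() }
    Get-ChildItem -Path $base | ForEach-Object {
        (Get-ItemProperty -Path $_.PSPath -Name ItemData -ErrorAction SilentlyContinue).ItemData
    } | Where-Object { $_ }
}

function Test-AppDataBlocked {
    # True only when Disallowed rules cover both the Roaming and Local AppData trees.
    # Get-ItemProperty expands REG_EXPAND_SZ values, so match both raw and expanded forms.
    $rules   = @(Get-SrpDisallowedPaths)
    $roaming = $rules | Where-Object { $_ -match 'AppData\\Roaming|%AppData%' }
    $local   = $rules | Where-Object { $_ -match 'AppData\\Local|%LocalAppData%' }
    return ([bool]$roaming -and [bool]$local)
}

function Get-AppDataExecutables {
    # Precaution #2/#3: executables already sitting where a dropper would place them.
    # A non-empty list is not proof of infection; it shows what an SRP rule would block.
    Get-ChildItem -Path $env:APPDATA, $env:LOCALAPPDATA -Recurse -Include *.exe -File -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

# Summary table; each check is a function so it can be reused from other scripts.
$report = [ordered]@{
    'RDP disabled (fDenyTSConnections=1)' = Test-RdpDisabled
    'SRP blocks AppData and LocalAppData' = Test-AppDataBlocked
    'Executables found under AppData'     = @(Get-AppDataExecutables).Count
}
$report.GetEnumerator() | ForEach-Object { '{0,-38} : {1}' -f $_.Key, $_.Value }
```

Precautions #1 and #5 (backups and a security suite) depend on the products in use and are not covered by this audit.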