‘Bluff’ ransomware attacks bamboozle British businesses with cyber criminals raking in an average of over £13,000 per attack.

News flash: it isn’t just ransomware that businesses need to worry about. New research shows that two in five (39 percent) large UK businesses have fallen victim to a ‘bluff’ ransomware attack, with almost two thirds (61 percent) of those organisations paying a ransom as a result.

The research, commissioned by Citrix UK and carried out by One Poll, quizzed 500 IT decision makers in companies with 250 or more employees across the UK to try to better understand the threat of ‘bluff’ ransomware attacks, in which a criminal falsely states that malicious software has successfully blocked access to an organisation’s computer system or data, but still demands a sum of money to return access to the data.

‘Bluff’ ransomware, real ransoms

According to the figures, UK businesses hit with a ‘bluff’ ransomware attack are paying the cyber criminals responsible an average of £13,412.29. Almost two thirds of large British businesses have paid out between £10,000-25,000 following this type of scam – but one in 20 (6 percent) ended up paying over £25,000 as a result of these faked ransomware campaigns.

Calling the ‘bluff’

Almost half (42 percent) of large British businesses have been contacted by a cyber-criminal claiming to have successfully launched a ransomware attack against their company system – and demanding payment. When faced with this situation, the majority (93 percent) have considered whether it might be a ‘bluff’, but just 37 percent of affected organisations avoided ‘falling for the bluff’ and chose not to pay out a ransom.

As we all know, cyber criminals are increasingly on the lookout for easy wins and lucrative targets – and in the process they are taking advantage of fears around ransomware to make money from ‘bluff’ attacks. With so many UK businesses falling victim to these scams, learning to distinguish real threats from a false attack can save considerable sums.

Sharing threat intelligence

The good news is that the vast majority of affected businesses are sharing information on ‘bluff’ ransomware attacks. Over half of large UK businesses shared that information with police forces (57 percent) and cybersecurity organisations, such as the National Cyber Security Centre (59 percent). Cybersecurity initiatives, such as No More Ransom, were also a key sharing avenue with 45 percent of affected businesses sharing information with these groups. Yet, surprisingly, less than a quarter (24 percent) of affected UK businesses shared that information with stakeholders, such as customers, partners and suppliers.

It’s possible to pinpoint a real attack and eradicate it with the correct technical expertise – but this expertise is in short supply. Good cyber hygiene, on the other hand, is readily available. By committing to the most robust cybersecurity techniques, companies can lessen the chances of falling prey to a real ransomware attack or creating any vulnerabilities which could lead them to believe their system has been hacked by cyber-attackers when it has not.

Ultimately, this research leaves a worrying impression that organisations may be treating ransomware as a cost of doing business – just like shrinkage and fraud in some sectors. This mentality may be resulting in British businesses paying out when it is not necessary, while simultaneously supporting cybercriminal activity.

If faced with a ransom demand, companies are forced into a difficult position. If the attack is real, paying up does not guarantee that the cyber thieves will return access to company data. Yet, affected companies may feel that they do not have the luxury of assuming that the attack is a bluff – and refusing to pay the ransom. Whether an organisation chooses to pay or not, sharing information on the ‘bluff’ attack is vital in ensuring that others do not fall victim to the same scam.


Citrix commissioned One Poll to conduct an online survey of 500 IT decision makers at companies across the UK with 250 or more employees between 18th November and 25th November 2016.
