Should you pay up? Donat SorokinTASS via Getty Images

Ransomware attacks, which see individuals and organisations locked out of their data unless they pay up, are on the rise. The apparent latest victim is the UK’s biggest forensic services provider, which was compelled to pay cybercriminals to regain access to its data, according to the BBC.

Eurofins Scientific, a Luxembourg-based provider of forensic services that conducts hundreds of millions of tests every year for police forces and security agencies worldwide, was hit with a ransomware attack in early June. Today, the BBC reported it had paid the ransom. Eurofins did not respond to a request for comment from New Scientist.

The attack is one of a number of high-profile incursions in the last few months. Lake City, Florida paid $530,000 in bitcoin to cybercriminals to unlock its data in June, and sacked its IT manager for falling victim to the attack. It follows an attack on another Florida city, Riviera Beach, which paid $600,000 to unlock encrypted files.


The strain of ransomware wreaking havoc is called Ryuk. It was unleashed by a Russian-based organised crime group called Grim Spider in August 2018. It is estimated that Ryuk earned its creators more than $3.7 million in its first four months of operation.

Ryuk, like most ransomware, secretes itself onto computers through malicious email attachments. Once on a PC, it attempts to disable anti-malware software, preventing it being detected, and has been known to lay dormant for weeks or months, according to an analysis by the UK’s National Cyber Security Centre.

When activated, it encrypts every file on the computer and directs the victim to send two encrypted files to an email address to be decrypted. The two files are returned, decrypted, along with a bitcoin wallet address. The victim must send an amount of bitcoins to this address in order to have the rest of their files unlocked.

“As criminals become more adept and the tools more sophisticated yet easier to obtain, fewer attacks are directed towards citizens and more towards small businesses and larger targets, where greater potential profits lie,” says Philipp Amann of Europol’s European Cybercrime Centre.

And as more affected organisations choose to pay out rather than lose their data, criminals become emboldened. “The reason we’re seeing so much ransomware is that it manifestly works,” says Alan Woodward of the University of Surrey.

Most of the Lake City ransom was recovered through insurance companies – though this week Lloyd’s of London, one of the world’s biggest insurers, said more clarity was needed about whether current policies covered such attacks.

Affected organisations feel more willing to pay the ransom because they only have to stump up a small percentage of the total amount. Lake City paid around $10,000 of the $530,000 ransom, with the insurance company picking up the rest.

Giving in to demands is dangerous, however. “You’re not guaranteed to get your system unlocked,” says Woodward, as the criminals have little incentive for them to unlock the data once they have the money. Doing so probably increases the likelihood of future attacks too: criminals distribute “suckers lists” of those who have proven susceptible to extortion.

Stopping such attacks is difficult, but there are things people can do. Municipal IT systems, where workers often have little understanding of the software they use, have been recent victims of ransomware. Better IT literacy – such as knowing not to open documents from strangers – would help prevent the spread.

And in theory, no one should need to pay if their data is correctly backed up and able to be restored – something we should all be doing anyway.