UK Suffers Third Highest Rate of Ransomware Attacks in the World

UK organisations suffer the third highest rate of ransomware attacks globally, with small businesses most at risk, a report by NordLocker has found.

According to its analysis, 260 organisations in the UK fell victim to ransomware between January 2020 and June 2022, a figure that’s only exceeded by Canada (276) and – in a distant lead – the US (2,379).

Across the UK, the education sector was the most frequently targeted, with 24 incidents. The other most vulnerable sectors were business services (23), construction (22), manufacturing (19) and transport (18).

Commenting on the report, Nordlocker Chief Technology Officer Tomas Smalakys said: “Ransomware gangs usually decide who their next target is based on two criteria.

“The first one is how likely the targeted company is to pay up, which is weighed by looking at variables such as the company’s importance in supply chains, the quantity of confidential information that it handles, and other factors that, in the case of an attack, put pressure on the company to get operations back up and running.

“The second criteria [sic] is more straightforward and primarily deals with the depth of the company’s pockets and how lacking in cyber defenses their business is. When you look at the data through this lens, you see why certain industries are more affected than others.”

Why are small businesses at risk?

Small businesses are vulnerable to cyber attacks because they lack the resources to address cyber security. As the costs associated with data protection spiral – with one report predicting that global spending to prevent cyber attacks is expected to increase by 75% between 2021 and 2025 – it becomes increasingly prohibitive to implement appropriate defences.

But this isn’t the only reason that small organisations are under threat, according to Smalakys. He believes that the problem isn’t simply that small organisations cannot afford cyber security defences but also that they view it as less of a priority than larger firms.

“Smaller companies justifiably prioritise growing their operation, leaving cyber security on the sidelines,” he said.

“This, combined with the usually thin profit margins small businesses endure, makes them not only easy to hack but very likely to pay up as well, because they do not have the funds to sustain a prolonged halt to operations.”

Despite this, small organisations consistently find the resources to pay cyber criminals who target their systems. A Databarracks report found that 44% of UK organisations paid up after falling victim to ransom.

This is in spite of experts urging organisations not to negotiate with cyber criminals. As they note, there is no guarantee that the criminal hackers will keep their word once they have been paid.

Moreover, cyber criminals often target organisations repeatedly once they know they are willing to pay a ransom demand. They correctly assume that the organisation doesn’t have appropriate measures in place to respond to a ransomware attack – such as backups – and therefore has no choice but to negotiate.

This demonstrates how important it is to take a proactive approach to cyber security. Something as simple as backing up your data might not prevent a ransomware attack, but it enables you to restore your systems without having to deal with the attackers, and it protects you from future extortion attempts.

Small organisations might not believe that they have the available resources to take these sorts of actions, but as the average ransomware payment hits $228,125 (about £210,000), they can’t afford not to.

What else should organisations do?

In addition to backing up sensitive files, organisations can prepare for ransomware attacks by deploying staff awareness training. As Verizon’s 2022 Data Breach Investigations Report notes, 82% of cyber security incidents are the result of human error – and this is no different for ransomware.

The majority of infections occur as a result of scam emails. Cyber criminals send bogus messages to their victims and ask them to download an attachment that contains malicious code.

By opening the file, the employee unleashes the ransomware and sets in motion an irreversible process whereby sensitive files across the system are encrypted.

To prevent this from occurring, organisations must help employees understand ransomware attacks and avoid falling for cyber criminals’ traps.

You can find all the guidance you need with our Ransomware Staff Awareness E-learning Course. This online training course is designed for all employees, regardless of their technical expertise, and explains what ransomware is and why it poses such a problem.

It covers the main forms of ransomware and how they work, plus essential tips on how you can spot the signs of an attack and what to do if you receive a suspicious message.