UK is a top three ransomware target

Business services, education and construction were the most-targeted UK industries

Small and medium businesses suffered nearly two-thirds of all UK ransomware attacks.

The UK ranks third in a list of countries where businesses suffer the most ransomware attacks.

That's according to the latest report by NordLocker, which examined the worldwide distribution of ransomware attacks between January 2020 and July 2022. It found that the five nations most impacted are the United States, Canada, the UK, France and Germany.

Small UK firms are at the highest risk, regardless of their geographic location, accounting for 62% of all attacks.

NordLocker examined 18 sectors and found that business services suffered the highest number of ransomware attacks (10.1%), followed by education (9.7%), construction (8.9%), transportation (7.7%), manufacturing (7.3%) and public sector institutions (5.7%).

Conti and LockBit were the two most active ransomware gangs in the UK, claiming responsibility for 22.2% and 11.5% of attacks, respectively. They were also the most active groups worldwide.

Nearly half of all publicly confirmed ransomware attacks worldwide between January 2020 and July 2022 were directed at US organisations. In addition, ransomware groups' own websites list 5,200 attacks - of which nearly 2,400 involved US firms.

Organisations based in California, Texas, Florida and New York experienced the most ransomware attacks - although when the rate was adjusted for the number of active businesses in each state, companies in Michigan were found to be the most affected.

NordLocker CTO Tomas Smalakys said ransomware gangs often base their choice of victim on two criteria:

"The first one is how likely the targeted company is to pay up, which is weighed by looking at variables such as the company's importance in supply chains, the quantity of confidential information that it handles, and other factors that, in the case of an attack, put pressure on the company to get operations back up and running.

"The second criterion is more straightforward and primarily deals with the depth of the company's pockets and how lacking in cyber defences their business is."

While it's common to assume that larger businesses are attacked more frequently - possibly because they can afford to offer higher bounties - NordLocker has found that SMEs with between 11 and 200 employees were the most targeted.

Smalakys said this is because small firms tend to prioritise cyber security less than bigger ones do, or lack the resources to do so.

According to research released in August by ransomware remediation company Coveware, fewer businesses paid ransoms in the second quarter of 2022 as a consequence of increasing pressure and policies put in place by law enforcement organisations and cybersecurity companies.

While the average ransom payment in Q2'22 was $228,125 (up 8% quarter-on-quarter), the median ransom payment fell 51% to $36,360.

Much like government agencies, Coveware advised victims not to pay a ransom in exchange for promises about what attackers could do, or for PR reasons.

US Energy Secretary Jennifer Granholm said in May last year, "We need to send this strong message that paying of ransomware only exacerbates and accelerates this problem.

"You are encouraging the bad actors when that happens."