Why Ransomware Attacks are Most Common in the UK Today

March 22, 2023

Ransomware attacks are one of the burgeoning threats within the IT industry in the UK. These attacks have been affecting numerous organisations and businesses in the UK for several years, with significant increases in frequency during the COVID-19 pandemic.

Ransomware is a type of malicious software that cybercriminals use to encrypt the files and documents on a computer system, turning them into unreadable data. As a result, the admins and owners of the files can no longer access their information. The cybercriminals then demand ransom money from the victims to restore access.

Latest Ransomware Attacks faced by the UK

According to statistics provided by the UK Department for Digital, Culture, Media, and Sport, 8% of UK organisations and businesses have encountered ransomware attacks during the past 12 months.

One of the most recent attacks targeted the ticket machines of the UK government-run train operator, Northern Trains, and hit more than 600 servers operating the digital self-service ticket counters. While the systems were made unresponsive, forcing the operators to turn them off, customer and payment data were not compromised as a result of this attack.

Furthermore, the National Cyber Security Centre (NCSC) has identified an increase in the number of ransomware attacks against education institutions such as schools, colleges, and universities in the UK. The concerning trend was observed during August and September 2020, and then again in February 2021. These attacks have caused the loss and destruction of students’ coursework, school financial documents, and other sensitive information. Newcastle University in the UK faced a serious ransomware attack that disrupted its systems. After the cybercriminals successfully stole sensitive data, they published 750Kb of it and put it up for sale on their website as proof. Similarly, a ransomware attack on South and City College in Birmingham deactivated most of its central systems, causing widespread disruption.

Very recently, the British retailer Furniture Village, the largest independent furniture retailer in the UK, was attacked with ransomware. The campaign resulted in serious distress for its customers. The company removed the affected systems in an attempt to reduce the scope of the attack and declared that there was no evidence that the private data of its customers or employees had been compromised.

The reasons behind Ransomware Attacks in the UK

With the increase in remote communication during the COVID-19 pandemic, phishing emails have continued to be one of the most common ways of delivering ransomware payloads to computer systems. In addition, cybercriminals have found ways to target organisations via remote desktop protocol (RDP) and virtual private networks (VPN), as these services are sometimes protected by insecure passwords and very rarely by multi-factor authentication (MFA). There have also been cases linked to unpatched weaknesses in internet-exposed software.

Most commonly, cybercriminals send ransomware via a phishing email, which entices victims to open a malicious file or click on a link to a website that eventually downloads malware onto their computer. Attackers can sometimes discover valid user credentials via public credential dumps or by harvesting credentials from phishing attacks (asking the users to enter their credentials in a fake portal under a convincing pretext). In addition, where password policies are weak, brute force, or more precisely password spraying attacks, can also be used to identify user credentials.

RDP misconfigurations and VPN vulnerabilities have also opened the pathway for cybercriminals to attack computer systems remotely, without targeting users. Since 2019, numerous weaknesses have been found in VPN appliances from vendors such as Citrix, Fortinet, Pulse Secure, and Palo Alto. Ransomware actors have used these weaknesses to obtain initial access to internal computer systems within the organisation.
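The difference between password spraying and classic brute force shows up clearly in RDP or VPN logon records, which is where defenders can catch it. The following is an added example, not part of the original article: it assumes a simplified log format (time, source IP, account, outcome) with constructed sample events, and the window and thresholds are illustrative assumptions to tune per environment.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events (time, source IP, account, outcome); not real logs.
SAMPLE = """\
2023-03-01T08:31:00 192.0.2.20 bob FAIL
2023-03-01T08:32:00 192.0.2.20 bob OK
2023-03-01T09:00:05 203.0.113.7 alice FAIL
2023-03-01T09:00:40 203.0.113.7 bob FAIL
2023-03-01T09:01:10 203.0.113.7 carol FAIL
2023-03-01T09:01:45 203.0.113.7 dave FAIL
2023-03-01T09:02:20 203.0.113.7 erin FAIL
2023-03-01T09:02:55 203.0.113.7 frank OK
2023-03-01T10:00:00 198.51.100.9 admin FAIL
2023-03-01T10:00:05 198.51.100.9 admin FAIL
2023-03-01T10:00:10 198.51.100.9 admin FAIL
2023-03-01T10:00:15 198.51.100.9 admin FAIL
2023-03-01T10:00:20 198.51.100.9 admin FAIL
"""

def parse(text):
    """Turn 'time source account outcome' lines into time-sorted tuples."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(t), src, user.lower(), out)
                  for t, src, user, out in rows)

def classify(events, window=timedelta(minutes=30), min_accounts=5, min_attempts=5):
    """Flag sources whose failed logons look like spraying or brute force."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, first in enumerate(fails):  # slide the window over each failure
            per_user = Counter(e[2] for e in fails[i:] if e[0] - first[0] <= window)
            if len(per_user) >= min_accounts:        # many accounts, few tries each
                kind = "password_spraying"
            elif max(per_user.values()) >= min_attempts:  # many tries, one account
                kind = "brute_force"
            else:
                continue
            # Success from the same source after guessing began: treat as compromised.
            hit = sorted({e[2] for e in evs if e[3] == "OK" and e[0] > first[0]})
            findings[src] = {"kind": kind, "accounts": len(per_user), "compromised": hit}
            break
    return findings

print(classify(parse(SAMPLE)))
```

A per-account lockout counter alone would miss the spraying source here, because no single account sees more than one failure; grouping by source is what exposes it.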

To secure computer systems against ransomware attacks, it is important to ensure that an up-to-date antivirus or an Endpoint Detection and Response (EDR) product has been installed. Victims of ransomware attacks can pay the ransom, attempt to decrypt their data themselves, or remove the affected computer systems from the network in the hope that the ransomware has not propagated.

Because ransomware attacks are so common, the best practice for UK organisations is to follow the NCSC’s guidance on mitigating malware and ransomware. This will help organisations protect their computer systems against ransomware attacks.