- Ransomware incidents in the UK dropped sharply in volume but successful compromises rose significantly year-on-year
- Attackers shifted to targeted, human-operated methods, with small businesses disproportionately affected compared to large enterprises
- Outdated “zombie tech” and undetected breaches fueled millions of attack attempts, while data theft replaced file encryption as the primary extortion tactic
Last year, the volume of ransomware attacks in the United Kingdom fell by 87%. But before you pop that champagne and throw confetti into the air there is another, more alarming statistic: the number of UK organizations that were successfully compromised actually rose by 20% year-on-year.
These are the figures published by security researchers SonicWall. By measuring threats its firewalls stop right when they try to enter a network, the company uncovered that ransomware actors moved away from “spray-and-pray” techniques and towards a more targeted, human-operated “big game hunting” methodology.
The same report states that smaller organizations were more likely to be targeted by ransomware, since it was present in 88% of SMB breaches, compared to 39% at large enterprises.
Zombie tech
SonicWall also said that almost all of the UK recorded incidents (96.7%) happened in England.
If there is one thing we can point the finger at, it should be the “zombie tech” crisis, the researchers explained. Many organizations are running old, outdated and unsupported hardware, leaving gaping holes that cybercriminals can easily exploit. SonicWall said that a single, decade-old flaw in a widely deployed Hikvision IP camera resulted in 67 million attack attempts throughout the country.
The problem is only made worse by the fact that the majority of IT leaders (80%) are confident they can detect a breach within eight hours, even though the average attack remains unseen for a whopping 181 days. Automated threats, as well as AI-enabled attacks, have almost doubled year-on-year, further escalating the risk.
These days, ransomware attacks rarely include encryptors locking out access to vital documents. Instead, cybercriminals are focused solely on data exfiltration and the threat of releasing stolen files to the dark web. It is cheaper and easier to maintain, while being equally effective in terms of extorted funds.
