UK businesses suffer the third highest rate of ransomware attacks in the world, surpassed only by the US and Canada, with small businesses most at risk of being targeted, according to NordLocker.

Published 28 September 2022, NordLocker’s analysis looked at the global distribution of ransomware attacks between January 2020 and July 2022, finding that regardless of geographic location, small businesses are at the highest risk, accounting for nearly two-thirds (62%) of all attacks.

NordLocker also found that, out of the 18 sectors analysed, business services (10.1% of all attacks), education (9.7%), construction (8.9%%), transportation (7.7%), and manufacturing (7.3%) industries are the most likely to be hit by ransomware in the UK specifically. A further 5.7% of ransomware attacks targeted UK’s public sector institutions.

Conti and LockBit were also found to be the two most active ransomware gangs in the UK, claiming responsibility for 22.2% and 11.5% of attacks, respectively. These were also the two most active ransomware gangs globally.

“Ransomware gangs usually decide who their next target is based on two criteria. The first one is how likely the targeted company is to pay up, which is weighed by looking at variables such as the company’s importance in supply chains, the quantity of confidential information that it handles, and other factors that, in the case of an attack, put pressure on the company to get operations back up and running,” said Tomas Smalakys, chief technology officer at NordLocker.

“The second criteria is more straightforward and primarily deals with the depth of the company’s pockets and how lacking in cyber defenses their business is. When you look at the data through this lens, you see why certain industries are more affected than others.”

He added that small businesses are top targets for ransomware gangs because they tend to treat cyber security as less of a priority than larger firms.

“Smaller companies justifiably prioritise growing their operation, leaving cyber security on the sidelines,” he said. “This, combined with the usually thin profit margins small businesses endure, makes them not only easy to hack but very likely to pay up as well, because they do not have the funds to sustain a prolonged halt to operations.”

However, according to Databarracks 2022 data health check, which surveys more than 400 IT decision-makers in the UK, 44% of enterprises affected by ransomware attacks opted to pay the ransom. Alternatively, 34% recovered data from backups, while 22% used ransomware decryption tools.

James Watts, managing director of Databarracks, said that while it is understandable why organisations might cave to the ransom demands – for example, because of downtime costs quickly exceeding the ransom itself and the inability to service customers) – there are several reasons why they should not.

“First, there’s no guarantee that you will get your data back. Second, it’s quite common for organisations to be attacked again once criminals know they are an easy target. Last, it sends the wrong message – by paying, you are indirectly encouraging the criminals, showing their tactics work,” he said.

“With the right preparation and guidance, however, you can recover your data and never have to pay the ransom. Patch and update systems regularly, train staff on spotting phishing emails, and maintain the principle of least privilege.

“Immutable storage and physical or logical air-gaps will protect backups from also being changed or encrypted. If you do suffer an attack, your backups are your last line of defence.”

To protect from the threat of ransomware, Smalakys further recommended that businesses encourage cybersecurity training (as 82% of attacks happen due to human error, according to Verizon’s 2022 data breach investigations report); ensure a regular backup process; keep software up to date; and adopt zero-trust network access.

In March 2022, Palo Alto Network’s Unit 42 found that ransomware demands and payments hit record highs in 2021, with ransomware gangs proliferating alongside Dark Web “leak sites” to pressure victims.

According to its analysis, the average ransomware demand rose 144% in 2021 to $2.2m, while the average payment climbed 78% to $541,010 in the same time.

It also found that the most affected industries, in the UK at least, were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.