This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their dark web sites. In this report, “known attacks” are attacks where the victim opted not to pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. Between April 2022 and March 2023, the UK was a prime target for ransomware gangs. During that period:
- The UK was the second most attacked country in the world.
- Royal Mail was hit with the largest known ransom demand ever: $80 million.
- The education sector was hit far harder than in other countries.
- The UK was a prime target for Vice Society, which targets education.
In August 2022, a ransomware attack on IT supplier Advanced caused widespread outages across the UK’s National Health Service (NHS), the biggest employer in Europe and the seventh largest in the world. The attack affected services including patient referrals, ambulance dispatch, out-of-hours appointment bookings, mental health services and emergency prescriptions.
Later that year, British newspaper The Guardian experienced a major ransomware attack that shut down part of its IT infrastructure. The Guardian, which operates one of the most visited websites in the world, described the incident as a “highly sophisticated cyberattack involving unauthorised third-party access to parts of our network”, most likely triggered by a successful phishing attempt. In January 2023, Britain’s multinational postal service, Royal Mail, was attacked by LockBit, arguably the world’s most dangerous ransomware, which demanded the biggest ransom we have ever seen anywhere, in any country: $80 million. Royal Mail rejected the demand, calling it ‘absurd’, and LockBit consequently published the files stolen from the company alongside an illuminating transcript of the negotiation between the two parties.