Paying off ransom in exchange for information isn’t a new concerning tangent for the cybersecurity Ninjas. However, the UK has been recently bombarded with a series of ransomware attacks, especially steered towards the police and the education sector.
Some of the hard-hit companies and public bodies are the Royal Mail, Capita, Barts Health NHS Trust, the Greater Manchester Police, etc. All these instances have added up to reflect the UK as the second most attacked nation across the world, with an average loss of £3.4 million for each episode of data breach. This is an alarming figure as it represents a significant increase of 9% since 2020.
Top Victims of the Ransomware Wave Hitting the UK
By calculating and comparing the differences in the sizes of the economies of the UK and the US, it’s observed that the impact on the UK’s economy was nearly the same, although the US was hit by more number of attacks this year.
Reports show that these ransomwares had a surprisingly big appetite for the following public and privately owned bodies in the country.
Royal Mail
In the initial days of January 2023, printers situated at a Royal Mail facility in Northern Ireland inexplicably began generating messages declaring: “Lockbit Black Ransomware. Your data has been taken and encrypted.”
Faced with the inability to utilize their systems for sending packages and letters overseas, Royal Mail had to adopt alternative methods. This resulted in a six-week period during which more than 11,000 post office branches were incapable of managing international mail, and later received compensation for the revenue they lost. This incidence also accounts for one of the most enormous demanded ransoms of $80 million.
Image sourced from invgate.com
The Guardian
The personal data of readers, subscribers, and UK staff members of The Guardian newspaper was stolen. However, the risk of fraud was relatively lower as no evidence of data being exposed online was traced by the team in charge of the breach.
The Greater Manchester Police
In September 2023, the Greater Manchester Police fell victim to these chains of ransomware attacks through a third-party supplier that held sensitive data of GMP’s officers, including their ranks, photos, and serial numbers.
More than 12,500 officers were notified and suggested to stay on high alert as their personal details were breached. Earlier in August, the Metropolitan Police also experienced a similar information breach compromised through the same third-party supplier.
Both these police forces account for a total of 60,000 officers and staff members while also being the most occupied counter-terrorism units in Britain.
14 Schools
The infamous cybercrime group Vice Society targeted the UK’s education sector by hitting 14 schools, which led to the open submission of sensitive details on the dark web. The information breached included scans of students’ and parents’ passports, staff salary slips, contract details, a list of bursary fund recipients, etc.
The UK’s education sector alone accounted for a massive 16% of the total cybersecurity targets in the last one year. The primary causes of these attacks can largely be attributed to the absence of strong and specific cybersecurity protocols, including ransomware protection, and user practices.
This underscores the significant role of phishing awareness training within the organization’s security strategy, which is an essential component in ensuring a comprehensive defense against such threats. The schools that were on the radar of the malicious group were:
- Carmel College, St Helens
- Durham Johnston Comprehensive School
- Frances King School of English, London/Dublin
- Gateway College, Hamilton, Leicester
- Holy Family RC + CE College, Heywood
- Lampton School, Hounslow, London
- Mossbourne Federation, London
- Pilton Community College, Barnstaple
- Samuel Ryder Academy, St Albans
- School of Oriental and African Studies, London
- St Paul’s Catholic College, Sunbury-on-Thames
- Test Valley School, Stockbridge
- The De Montfort School, Evesham
Who is Behind these Ransomware Attacks?
The UK and the US are the hot targets of cyberattacks since English is their official language, which makes it much easier for hackers to penetrate the systems and intercept data. The threat actors must be well-versed in the language used by their target to be able to operate and manipulate systems for compromising data. This is the reason why Germany and France have a low cybercrime rate despite being home to many high-profit-making companies.
It was observed that most breaches are linked to Eastern Europe, former Soviet Republics, and Russia in particular. Moreso, another new name came into the limelight- Clop group, which is named after the ransomware strain they used to fulfill their malicious intentions.
In addition to these, many other cybercrime gangs are suspected to be behind these waves of ransomware attacks, and the majority of them have Russian links or are native Russians.
These breaches have compromised data on potentially more than 5.3 million people ranging across 700 organizations. What’s even more alarming is the fact that this figure doesn’t accommodate all the people potentially affected by these nefarious acts; there’s more to this number!
As per ICO, 706 ransomware attacks were reported in the UK in 2022. The incidents slew down a little during February and March owing to Russia’s invasion of Ukraine; otherwise, the count would have been worse.
Time and again, Russia has denied the accusations of harboring ransomware and phishing masterminds; however, as per a group of researchers, 74% of money transferred as ransom in 2021 went to Russia-backed malicious entities. They add that more than $400 million worth of cryptocurrency payments have been directed toward Russia-affiliated groups and RaaS providers.
As per the analysts, they followed the transmission of ransom through ins and outs and made conclusions by reading the following characteristics pointing towards the involvement of Russians in most of these attacks-
- The ransomware code is designed to avoid causing harm to files if it identifies that the victim’s computers are situated in Russia or any CIS country.
- The group functions in the Russian language on forums where Russian speakers communicate.
- The gang has connections to Evil Corp, an accused cybercrime organization that is trusted to get funded by Russia.
What’s the Take of DuoCircle?
Ransomware attacks, or any cyberattack for that matter, mostly emerge out of security loopholes, which indicate a lack of robust cybersecurity mechanisms in the first place. Public and private bodies must detect intrusions and devise sound strategies for patching vulnerabilities in internet-driven structures.
We suggest placing a credible and capable cybersecurity team along with deployment of SPF, DKIM, DMARC, multi-factor authentication, endpoint detection and response, managed detection and response, antivirus, blocklisting, allowlisting, zero-trust policy, and other similar defensive tools and policies.
Most importantly, conducting regular and mandatory employee awareness and education sessions should be a non-negotiable bullet point of the deal.