‘Big Game Hunters’: UK ransomware volume drops significantly 'but the reality is more alarming' – big orgs are being hit harder and with greater success


  • Ransomware incidents in the UK dropped sharply in volume but successful compromises rose significantly year-on-year
  • Attackers shifted to targeted, human-operated methods, with small businesses disproportionately affected compared to large enterprises
  • Outdated “zombie tech” and undetected breaches fueled millions of attack attempts, while data theft replaced file encryption as the primary extortion tactic

Last year, the volume of ransomware attacks in the United Kingdom fell by 87%. But before you pop that champagne and throw confetti into the air, there is another, more alarming statistic: the number of UK organizations that were successfully compromised actually rose by 20% year-on-year.

These are the figures published by security researchers at SonicWall. By measuring the threats its firewalls stop as they try to enter a network, the company found that ransomware actors moved away from “spray-and-pray” techniques and towards a more targeted, human-operated “big game hunting” methodology.

The same report states that smaller organizations were more likely to be targeted by ransomware, since it was present in 88% of SMB breaches, compared to 39% at large enterprises.


Zombie tech

SonicWall also said that almost all of the incidents recorded in the UK (96.7%) happened in England.

If there is one thing we can point the finger at, it should be the “zombie tech” crisis, the researchers explained. Many organizations are running old, outdated and unsupported hardware, leaving gaping holes that cybercriminals can easily exploit. SonicWall said that a single, decade-old flaw in a widely deployed Hikvision IP camera resulted in 67 million attack attempts throughout the country.

The problem is only made worse by the fact that the majority of IT leaders (80%) are confident they can detect a breach within eight hours, even though the average attack remains unseen for a whopping 181 days. Automated threats, as well as AI-enabled attacks, have almost doubled year-on-year, further escalating the risk.

These days, ransomware attacks rarely include encryptors locking out access to vital documents. Instead, cybercriminals are focused solely on data exfiltration and the threat of releasing stolen files to the dark web. This approach is cheaper and easier to maintain, while being equally effective in terms of extorted funds.




Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
