Jumpsec shares its 2022 ransomware trends

Cybersecurity analysts at Jumpsec have compiled a live data log to track UK Ransomware activity, including data reported by ransomware groups.

JUMPSEC threat intelligence analysts have gathered data using a mixture of manual investigation and automated bots to search or ‘scrape’ the public-facing domains of the ransomware threat actors and openly available information for ransomware victims. This is not limited to ‘official’ data, and is instead drawn from the breaches claimed by ransomware groups themselves – which often differs from those reported by victims. 

Cyber magazine shares some of Jumpsec's 2022 reported trends.

  • The UK’s share of global activity has been consistent, at just 5% of total global ransomware activity (shifting 0.1% over a year), with the UK representing 314 from a global total of 5,869 ransomware cases.
  •  Education, Retail and Wholesale Trade and Law are the most targeted industries, but we must examine the financial size and capacity of victimised organisation to gain a more realistic insight on the true sector-by-sector impact of ransomware in the UK.
  • The Legal Sector appears to be the third most victimised industry in the UK, however the sector’s combined cash in the bank assets is one of the lowest of the industries included above at just £5.39 million, as compared to a massive £198m for the Construction industry and £337m for Retail and Wholesale Trade. Further analysis of the financial status of victims is provided later.
  • The UK public and private sector breakdown shows 92.9% of attacks on the private sector
  • Although small businesses are naturally targeted more frequently (as there are simply more of them) their accumulative Cash in the Bank Assets of £295 million are only a fraction of medium (£531 million) and large businesses (£1.22 billion) Cash in the Bank Assets.
  • Of the most highly targeted industries, Retail and Wholesale Trade seems to represent the most lucrative target in terms of both Cash in the Bank and Total Assets. Cash in the Bank assets is the leading metric when assessing an organisation’s ability to pay a ransom, with some exceptions. For example, if an organisation’s net assets are in the red (i.e. they are in debt or are financially insolvent), the organisation would perhaps be less able to pay despite their cash assets.
  • The most prevalent ransomware group in the UK since the current ransomware wave began in 2020 has been Conti, closely followed by LockBit
  • As of July 2022, two of the most notorious groups, REvil and Conti, have been essentially shutdown after drawing too much attention from international law enforcement (or more specifically the US authorities, who appear to have had some impact on major ransomware groups’ activities).
  • JUMPSEC’s data shows that: 86% of UK ransomware attacks go completely unreported in typical media sources. Even amongst the remaining 14% of reported cases, many organisations only admit a breach has occurred after being outed by attackers online, or do not report the attack directly via their own website.
  • Ransomware attackers posted attacks on their own sites before the victims or media 60% of the time.

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI