Jumpsec shares its 2022 ransomware trends

Cybersecurity analysts at Jumpsec have compiled a live data log to track UK Ransomware activity, including data reported by ransomware groups.

JUMPSEC threat intelligence analysts have gathered data using a mixture of manual investigation and automated bots to search or ‘scrape’ the public-facing domains of the ransomware threat actors and openly available information for ransomware victims. This is not limited to ‘official’ data, and is instead drawn from the breaches claimed by ransomware groups themselves – which often differs from those reported by victims. 

Cyber magazine shares some of Jumpsec's 2022 reported trends.

  • The UK’s share of global activity has been consistent, at just 5% of total global ransomware activity (shifting 0.1% over a year), with the UK representing 314 from a global total of 5,869 ransomware cases.
  •  Education, Retail and Wholesale Trade and Law are the most targeted industries, but we must examine the financial size and capacity of victimised organisation to gain a more realistic insight on the true sector-by-sector impact of ransomware in the UK.
  • The Legal Sector appears to be the third most victimised industry in the UK, however the sector’s combined cash in the bank assets is one of the lowest of the industries included above at just £5.39 million, as compared to a massive £198m for the Construction industry and £337m for Retail and Wholesale Trade. Further analysis of the financial status of victims is provided later.
  • The UK public and private sector breakdown shows 92.9% of attacks on the private sector
  • Although small businesses are naturally targeted more frequently (as there are simply more of them) their accumulative Cash in the Bank Assets of £295 million are only a fraction of medium (£531 million) and large businesses (£1.22 billion) Cash in the Bank Assets.
  • Of the most highly targeted industries, Retail and Wholesale Trade seems to represent the most lucrative target in terms of both Cash in the Bank and Total Assets. Cash in the Bank assets is the leading metric when assessing an organisation’s ability to pay a ransom, with some exceptions. For example, if an organisation’s net assets are in the red (i.e. they are in debt or are financially insolvent), the organisation would perhaps be less able to pay despite their cash assets.
  • The most prevalent ransomware group in the UK since the current ransomware wave began in 2020 has been Conti, closely followed by LockBit
  • As of July 2022, two of the most notorious groups, REvil and Conti, have been essentially shutdown after drawing too much attention from international law enforcement (or more specifically the US authorities, who appear to have had some impact on major ransomware groups’ activities).
  • JUMPSEC’s data shows that: 86% of UK ransomware attacks go completely unreported in typical media sources. Even amongst the remaining 14% of reported cases, many organisations only admit a breach has occurred after being outed by attackers online, or do not report the attack directly via their own website.
  • Ransomware attackers posted attacks on their own sites before the victims or media 60% of the time.

Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security