News

UK ranks in top 10 countries worst affected by ransomware

Israel found to be the main source of ransomware samples out of more than 140 territories taking part in the VirusTotal research

14 Oct 2021

Red computer screen with "RANSOM!" on it

The UK has been ranked number 10 on the list of countries worst affected by ransomware in a new report commissioned by Google.

The findings, based on ransomware samples submitted to Google Cloud subsidiary VirusTotal, revealed the UK now faces a similar number of active ransomware strains as those found in South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, and Iran.

However, Israel was found to be the main source of ransomware samples out of the more than 140 countries studied, having submitted six times more samples than the baseline since research commenced in January 2020.

During this time, VirusTotal managed to identify at least 130 different active ransomware families, with the GandCrab ransomware-as-a-service platform being the most popular submission. GandCrab was found to be “the most active family in early 2020, before its prevalence decreased dramatically in the second half of the year”.

The decrease in activity could have been due to the August 2020 arrest of its distributor in Belarus. According to the country’s authorities, GandCrab targeted over 54,000 victims across 100 countries, including the UK, where it made up a significant chunk of the attacks against Manchester and London businesses.

Babuk and Cerber were found to be the second and third most active ransomware families, with VirusTotal noting a sizeable peak of Babuk activity around July 2021, when the strain returned to target corporate networks.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

.imgHideOnJavaScriptDisabled_4059a0skuzq1exx { display: none !important; }

Free download

Security researchers recently discovered that the source code for Babuk had been submitted to VirusTotal as part of its virus checker tool, raising speculation that those responsible for the strain may have submitted the sample themselves to determine whether it could be detected by the anti-malware industry.

Windows was found to be the main focus of cyber criminals, accounting for 95% of the ransomware targets, compared to only 2% for Android. VirusTotal recommended that organisations ensure that their patching strategy prioritises all SMB and Windows privilege escalation vulnerabilities. It also advised the regular monitoring of new waves of ransomware activity.

The report comes days after NCSC CEO Lindy Cameron said that ransomware “presents the most immediate danger to the UK”, as part of her speech during Monday’s Cyber 2021 conference at Chatham House. Cameron also noted that, despite the rise in attacks, many UK organisations “have no incident response plans, or ever test their cyber defences”.