IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

UK ranks in top 10 countries worst affected by ransomware

Israel found to be the main source of ransomware samples out of more than 140 territories taking part in the VirusTotal research

The UK has been ranked number 10 on the list of countries worst affected by ransomware in a new report commissioned by Google.

The findings, based on ransomware samples submitted to Google Cloud subsidiary VirusTotal, revealed the UK now faces a similar number of active ransomware strains as those found in South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, and Iran.

However, Israel was found to be the main source of ransomware samples out of the more than 140 countries studied, having submitted six times more samples than the baseline since research commenced in January 2020.

During this time, VirusTotal managed to identify at least 130 different active ransomware families, with the GandCrab ransomware-as-a-service platform being the most popular submission. GandCrab was found to be “the most active family in early 2020, before its prevalence decreased dramatically in the second half of the year”.

The decrease in activity could have been due to the August 2020 arrest of its distributor in Belarus. According to the country’s authorities, GandCrab targeted over 54,000 victims across 100 countries, including the UK, where it made up a significant chunk of the attacks against Manchester and London businesses.

Babuk and Cerber were found to be the second and third most active ransomware families, with VirusTotal noting a sizeable peak of Babuk activity around July 2021, when the strain returned to target corporate networks.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

Security researchers recently discovered that the source code for Babuk had been submitted to VirusTotal as part of its virus checker tool, raising speculation that those responsible for the strain may have submitted the sample themselves to determine whether it could be detected by the anti-malware industry.

Windows was found to be the main focus of cyber criminals, accounting for 95% of the ransomware targets, compared to only 2% for Android. VirusTotal recommended that organisations ensure that their patching strategy prioritises all SMB and Windows privilege escalation vulnerabilities. It also advised the regular monitoring of new waves of ransomware activity.

The report comes days after NCSC CEO Lindy Cameron said that ransomware “presents the most immediate danger to the UK”, as part of her speech during Monday’s Cyber 2021 conference at Chatham House. Cameron also noted that, despite the rise in attacks, many UK organisations “have no incident response plans, or ever test their cyber defences”.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022
What is phishing?
phishing

What is phishing?

29 Apr 2022

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022