The State of Ransomware Attacks in the UK & Ireland

Ransomware attacks continue to wreak havoc on the IT systems of organizations, enterprises, small businesses, and even government services around the world. A rapid and unexpected shift to work-from-home arrangements due to the pandemic increased the attack surface for cybercriminals.
As ransomware attacks surge, many high-profile incidents have made headlines across Ireland and the UK. This article highlights some of the major ransomware attacks in this part of the world along with actionable ransomware prevention strategies.


Four Recent Ransomware Attacks in the UK and Ireland

Ransomware attacks are relatively simple in concept and deadly in execution. Hackers gain access to IT systems and important files using malicious software. Upon gaining access, the hackers block legitimate users from using systems or files until a ransom is paid.

Hackers typically demand payment to unlock files or systems via cryptocurrency. Some cryptocurrencies, such as Monero, are very difficult to trace, which provides the anonymity these cybercriminals need. Ransomware was by far the most common attack method causing cybersecurity incidents in the UK in 2020. Here are some of the biggest ransomware incidents in recent times.


Newcastle University: August 2020

Newcastle University is featured in the top 200 of several lists ranking the world’s best universities. In August 2020, the DoppelPaymer ransomware gang targeted the University’s IT department, which caused severe disruptions to important University services.

Chronic underfunding in cybersecurity strategies by educational institutions makes them prime targets for cybercriminals. A 2020 study into the state of cybersecurity in the UK found that just 54 percent of University staff have received basic cybersecurity training. Until there’s a sector-wide movement to improve cybersecurity awareness and tools within education, Universities will remain particularly vulnerable to cyber attacks.


The Hospital Group: December 2020

The Hospital Group is a leading provider of cosmetic surgery procedures in the UK. In December 2020, a hacker group known as REvil revealed they’d carried out a successful ransomware attack on The Hospital Group. As a result of the attack, the group gained access to 900 gigabytes of before and after photos belonging to patients.

After the hospital refused to pay the ransom demanded by the hackers, the group threatened to release all images under their control. This incident serves as another example of cyber gangs targeting healthcare facilities due to the sensitivity of the data they collect. In the mind of a cybercriminal, the more sensitive the data, the more money they can demand.


Merseyrail: April 2021

In April 2021, UK rail network Merseyrail became the victim of a successful ransomware attack. The instigators of the attack claimed to have stolen personal data belonging to Merseyrail employees.

The hackers used LockBit, which is a relatively new family of ransomware that spreads rapidly through a network. In conducting the attack, hackers used phishing methods to compromise a privileged Microsoft Office 365 account.

The Merseyrail incident provided a reminder that cybercriminals have the potential to target critical transportation systems that keep society functioning. While this particular attack didn’t impact Merseyrail’s ability to run train services, there is certainly scope for hackers to cause future chaos in the transportation sector. In fact, due to the importance of transportation, hackers might feel companies are more likely to give into their demands so they can continue running their critical services.


Health Service Executive Ireland: May 2021

The Health Service Executive (HSE) is Ireland’s publicly funded health system. In May 2021, the HSE was hit by a ransomware attack conducted by cybercriminal gangs. The Irish government reported this incident as the most significant cyber attack ever on the Irish state.

Targeting a country’s vital health system in the midst of a global pandemic serves as a harrowing reminder of the moral vacuum that typifies cybercriminals’ attitudes. The disruption to critical IT systems severely impacted the provision of vital health services in Ireland.

No organization or industry is safe—where there’s money to be made and systems to exploit, attackers will target them whatever the knock-on effects. The harsh reality of what you’re dealing with when trying to combat cyber crime might be a bitter pill to swallow, but it’s also an important truth that can ensure you have the right protections in place.


Ransomware Prevention Best Practices

The figures look bleak at first glance; ransomware attacks increased by a staggering 62 percent in 2020 alone. However, succumbing to a ransomware attack is not an inevitability and there are things your organization can do. The following measures and best practices help combat this critical cyber threat:

  1. Have A Solid Backup Strategy

    Backing up important business data regularly goes a long way towards mitigating the worst outcomes of ransomware attacks. With robust data backups in place, you’ll never need to hand over sums of money to decrypt compromised information. It’s useful to have at least one copy of your data stored in an off-site storage location such as the cloud or even in mechanical tape drives.

  2. Increased Security Awareness

    Successful phishing attacks typically trick people into revealing credentials such as passwords that give hackers access to IT systems and data. Often, this access results in a ransomware attack.

    One way to prevent compromise via phishing is to increase employee security awareness about phishing techniques. This security awareness training should encompass other forms of social engineering, including baiting and scareware. Increased organization-wide security awareness provides a good foundation for fending off ransomware attacks.

  3. Partner With A Strong Email Security Provider

    While employee awareness can help combat phishing attempts, all it takes is one person to slip up and click the wrong link or get fooled by a well-written false email. A comprehensive and robust email security platform provides a crucial level of added protection against phishing and ransomware. A strong email security provider can help you block advanced threats like phishing before your employees ever receive them.

  4. Network Segregation

    By splitting your network into segments through the use of firewalls and other techniques, you can limit the infiltration of ransomware attacks across your network. Containing ransomware to one smaller network segment can result in far less damage than ransomware that is allowed to spread across an organization’s entire internal network.



Closing Thoughts

Ransomware isn’t going to go away in the UK and Ireland (or anywhere else). However, companies and organizations can go a long way towards mitigating and avoiding its damaging effects through proper prevention methods.

We invite you to learn more about how IRONSCALES can fight against this and many other types of phishing attacks by combining human and machine intelligence. Learn more at https://ironscales.com today.