• Rosanna Hayes

The UK Under Siege as Double Extortion Ransomware Attacks Soar


The Financial Times have released a warning, declaring the UK has the world’s second-highest number of double extortion ransomware attacks after the US. A study conducted by the Royal United Services Institute think tank and cyber specialists at BAE Systems declared the situation is “spiralling out of control”. Findings illustrated that all forms of ransomware hack have soared during the pandemic, as remote working has eroded cyber defences.


The report centred on the increasing problem of double extortion attacks, where hackers not only block access to an organisation’s systems, but also threaten to release corporate intelligence and other sensitive information unless a ransom is paid. Where customer and client personal details are at risk, data protection regulations further escalate the situation, threatening additional penalties and fines.


Since the shift to remote working, the use of cloud-based software and technology has exploded, opening new opportunities for cybercriminals to exploit. Our previous article exploring cyber coverage gaps, looked at how phishing, poor user practices, insecure remote access, and lack of end-user security training are the main causes of recent successful ransomware attacks. As these attacks become more sophisticated, we see a rise in threats to businesses entire electronic infrastructure.


In a report by Rusi and BAE, “unprecedented” damage was caused by double extortion attacks in 2020, where 1,200 attacks by operators of 16 different ransomware strains, claimed victims from 63 different countries. It is thought that the majority of these criminal groups are operating from Russia. James Sullivan, head of research at Rusi, gave a sobering plea, urging ministers to crack down on the issue. “We’re arguing that the current model to tackle ransomware is ineffective, and it’s up to policymakers now to get a grip”. Sullivan suggested increasing cyber defences, and government legislation to ban ransom payments, with support to victims in the recovery of their data, but also the pursuit of organisations that help criminals to launder the proceeds of crime.


The UK government has been urged to act, to stop criminals from carrying out malicious software attacks with “impunity”, as the research revealed that hacks using a new and aggressive form of ransomware have increased 200% in the last year.


In the last 2 years, cases of ransomware have hit alarming levels. STORMs CEO, Neil Hare-Brown spoke out in a webinar hosted by QBE insurance earlier this year, addressing the severity of the situation. In our proceeding article, we outlined the webinars findings and statistics. To summarise:

  • Q3 2020, saw a 50% increase in the daily average of ransomware attacks compared to the first half of the year. (Checkpoint)

  • The top ransomware types in Q3 2020, were Maze and Ryuk. (Checkpoint)

  • Ryuk ransomware (as an example) attacks 20 organisations a week. Other ransomware types such as Avaddon, Conti and many others are also behind the rapid growth in cyber incidents.

  • 80% of law firms report being hit by phishing attacks during 209 (Information Age Magazine)

  • The amount of money pilfered in email scams (in all their forms) has been rising as much as 300% (Information Age Magazine)

Neil had more to say on the prevention of Ransomware attacks. “It is clear that technology companies simply have not been doing enough to protect their customers. Ransomware is not a new attack! The encryption processes that the malware commands the infected operating systems to process are eminently detectable and preventable”.


He continued, “Finally, we are starting to see Intel and Microsoft focusing their efforts in developing their technologies to detect and block ransomware, but frankly, it is too little, too late. These incidents, coupled with others such as the recent Hafnium attacks, are showing that defenders are way behind the attackers.”


Examples of high-profile victims of ransomware include Travelex, the currency exchange business that was attacked in December 2019, and Fat Face, the fashion retailer that reportedly paid $2m in ransom. In both cases, cybercriminals threatened to publicise sensitive customer data - including credit card details - if ransoms were not paid. In the case of Travelex, this event, together with the effects of coronavirus, cost the company £25m.


The new chief executive of Britain’s National Cyber Security Centre, Lindy Cameron, gave her first public speech last week, declaring that “ransomware remains a serious - and growing - threat, both in terms of scale and severity”. She went on to say, “the threat is also becoming commoditised. The number of competent adversaries is increasing, through the creation and sale of high-end capability to anyone who can pay”. The risk is not just the theft of money or data from individual businesses, but also the loss of “key services”, Cameron said.


Findings from the Rusi study suggest that hackers are increasingly setting their ransom demands in accordance with the victim’s revenue, often seeking millions. Robert Hannigan, the European chair of the cybersecurity company BlueVoyant has suggested the government work more closely with insurers. The current process means that insurers may fund payments to ransomware operators under cyber cover policies and establishing boundaries on payments that satisfy criminals’ financial demands should not be the first response.


With cybersecurity in the spotlight and ransomware severity continuing to spike, organisations must act now; prevention is key. Cyber profiling will help businesses understand their cyber risks and enable them to make practical, often simple recommendations to help them remediate and reduce their attack surface.