Attacker-reported ransomware incidents increased by 17% annually in the UK last year, despite a global decline in overall volumes, according to Jumpsec.
The London-headquartered security vendor compiled its annual trends report from manual investigation techniques and automated bots designed to scrape public-facing websites run by ransomware actors.
It said that data from the first part of 2023 shows signs of a continued uptick in ransomware compromises this year.
Although the National Cyber Security Centre (NCSC) had previously predicted we would see “a more diverse and capable ransomware landscape” following the decline of the prolific Conti group, LockBit appears to have taken the former’s mantle – globally and in the UK.
Recent high-profile attacks on Royal Mail, Ion Trading and Pendragon pushed LockBit to over 30% of all UK ransomware incidents in 2022, while worldwide it accounted for 52%, Jumpsec said.
Read more on LockBit: LockBit Dominates Ransomware Campaigns in 2022: Deep Instinct.
“However, the total attack figures alone are only part of the story. In terms of the financial profile of targeted UK organizations, LockBit are not the primary threat to more typically ‘cash rich’ organizations,” Jumpsec said.
“Karakurt (thought to be an offshoot or rebrand of Conti) have emerged as a threat both in the UK and globally and have predominantly been responsible for attacks on large UK organizations with cash-in-the-bank assets exceeding £20 million.”
Elsewhere, Vice Society has emerged as a serious threat to the UK education sector, making it by far the most targeted vertical in 2022, followed by legal then retail.
However, the identities of the various groups are less important than building effective best practice cyber-resilience, according to Jumpsec researcher Sean Moran.
“Threat actors may operate using multiple ransomware strains, and groups can disappear, rebrand and re-emerge often without consequence – making it unwise to put too much weight on the changing fortunes of any individual group,” he argued.
“However, we hope that understanding the tactics, techniques and procedures (TTPs) of ransomware groups and their desire to target particular sectors or sizes of business can help organizations identify potential vulnerabilities and develop effective strategies to mitigate risk.”
A SonicWall report earlier this year claimed ransomware volumes declined globally by 21% year-on-year in 2022, although those in the UK rose 112%.