Skip to content Skip to footer

UK is second globally for ransomware attacks


New research from NordLocker has analysed which countries faced the most ransomware attacks in 2020 and 2021.

The study looked at 1,200 companies to establish the worst hit countries and industries in 2020 and 2021 – and the UK has come out in the number two position.

The full top five list, from the top, was: the US, the UK, Canada, France and Germany.

“The latest statistics indicate that a worrying 37% of companies worldwide became victims of ransomware in 2020,” said Oliver Noble, a cybersecurity expert at NordLocker.

“From Newcastle University, the UK’s leading education institution, to Whistl in the logistics industry, cyber attacks affect organisations across all sectors. Our research exhibits the extent of recent ransomware attacks and, at the same time, urges particular industries to exercise caution.”

He continued: “The UK is known for its financial sector, which took a major hit from hackers just last year when the UK-based foreign exchange provider Travelex paid a $2.3 million ransom, forcing a restructuring of the company and a loss of 1,300 jobs. Such attacks hurt companies not only through the ransom itself but also through the damaged reputation that comes as a result of an operations halt.”

NordLocker’s research also found construction to be the top industry hit by ransomware attacks, followed by manufacturing, finance, healthcare, education, technology and IT, logistics and transportation,, automotive, municipal services, and finally, legal.

“It is surprising how many companies still undervalue cybersecurity, inviting hackers to exploit their vulnerabilities,” said Noble. “When successfully attacked, companies lose access to all their employee data, customer details, client agreements, patents, and other valuable business information and threatened that this information will be stolen, leaked, or destroyed for good. To avoid a doomsday, i.e. business operations put to a standstill, damaged reputation, loss of clients, tiresome legal battles, and huge fines, some organisations are left with no choice but to pay the ransom to get the decryption key.”

The study also looked at the most prolific ransomware groups, citing Conti, REvil, DopplePaymer and PYSA as the worst.

Noble concluded, “Internationally operating law enforcement groups work hard to shut ransomware infrastructure down. Just a month ago, it was reported that a joint operation put REvil’s servers offline. However, the Russian Ransomware-as-a-Service gang is expected to re-emerge. Ransomware is no longer what only skilled hackers are capable of. Any paying user, AKA affiliate with little technical knowledge, can use the subscription-based model to employ already-developed tools to execute ransomware attacks against businesses.”

You may also like

Stay In The Know

Get the Data Centre Review Newsletter direct to your inbox.