Uk third in the world by ransomware attacks – who are the targets?

A unique look into ransomware attacks that affected companies with 3.6T GBP of combined revenue The UK is 3rd in the world by ransomware attacks, new research by cybersecurity company NordLocker reveals. The new study analysed numerous databases of ransomware incidents that affected over 5,000 companies...

A unique look into ransomware attacks that affected companies with 3.6T GBP of combined revenue

The UK is 3rd in the world by ransomware attacks, new research by cybersecurity company NordLocker reveals. The new study analysed numerous databases of ransomware incidents that affected over 5,000 companies worldwide. With a collective revenue of 3.6 trillion GBP, the companies under investigation produce more value than Germany’s entire GDP.

The research was conducted with the purpose of discovering which companies are at the highest risk of being targeted by ransomware. Apart from the geographic variable, researchers looked at factors such as which ransomware groups are the most active, the most affected industries, company revenue and employee count.

“Ransomware is a type of cyberattack that forces a company’s operations to a halt by taking possession of its most crucial and sensitive files and demanding a ransom from the company to get the data back. This type of attack is extremely effective. In the past few years cases have grown exponentially, while cybersecurity awareness has failed to catch up,” says Tomas Smalakys, NordLocker’s CTO.

Business Services is the top industry to be hit by ransomware in the UK

Nordlocker’s research found that out of 18 industries identified, business services (10.1% of all attacks), education (9.7%), construction (8.9%), transportation (7.7%) and manufacturing (7.3%) industries are the most likely to be hit by ransomware in the UK.

“Ransomware gangs usually decide who their next target is based on two criteria. The first one is likely the targeted company is to pay up, which is weighed by looking at variables such as the company’s importance in supply chains, the quantity of confidential information that it handles and other factors that, in the case of an attack, put pressure on the company to get operations back up and running. The second criteria is more straightforward and primarily deals with the depth of the company’ pockets and how lacking in cyber defenses their business is,” says NordLocker’s Tomas Smalakys. “When you look at the data through this lens, you see why certain industries are more affected than others.”

Small businesses beware

Business size is another major indicator of how likely a business is to be targeted by a ransomware attack. In the UK, small-sized businesses are at the highest risk, accounting for nearly two-thirds of all attacks (62.1%). Companies with an employee count of between 51-200 are the victims of 34% of attacks and those with between 11-50 employees are victims of 19.1% of ransomware hacks, while those with between 201-500 deal with 14.9% of attacks.

“Small businesses are top targets for ransomware gangs because for them, cybersecurity is often an afterthought. Smaller companies justifiably prioritise growing their operation, leaving cybersecurity on the sidelines. This combined with the usually thin profit margins small businesses endure, makes them not only easy to hack but very likely to pay up as well because they do not have the funds to sustain a prolonged halt to operations,” says Tomas Smalakys.

What else did the research find?

  • Among the affected organisations are some of the most influential institutions worldwide, including a leading University in Northern UK and a Fortune 500 accounting firm that advises over 100,000 private businesses.
  • Conti and LockBit are the most active ransomware gangs in the UK, responsible for 22.2% and 11.5% of attacks, respectively.
  • 4.8% of affected businesses employ more than 10,000 employees.
  • 5.7% of ransomware attacks targeted public sector institutions.
  • 7.2% of targeted companies in the UK have annual revenue of more than 1 billion USD.

What is ransomware and how can companies protect themselves from it?

By definition, ransomware is a type of malware that restricts users’ access to their files and demands payment. But how it does it, what kind of payment is requested and what is encrypted differ greatly.

Ransomware has been used for decades. Some criminals demand a $50 ransom and others ask for $30 million. The effectiveness of the attack results from most companies being ill-equipped to deal with it. To increase the likelihood of the ransom being paid, criminals may also threaten to post the victim’s data online.

In order to protect your business from ransomware, Tomas Smalaky’s recommends the following practices:

  • Encourage cybersecurity training – Investing into your employee’s knowledge is the most cost-effective way to protect your organisation from ransomware, as 82% of cyber attacks happen because of human error. It should be organised regularly and have a holistic approach that covers every employee.
  • Ensure a regular backup process – Backups can’t stop cyberattacks, but they give the company leverage. Even if a company becomes a target for ransomware, the ability to restore data immediately will guarantee business continuity.
  • Keep software up to date – Most cyberattacks either use social engineering to exploit the flaws in human nature or malware utilising outdated software. Make sure everyone at the company understands how important it is to keep software up to date.
  • Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.

Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period between 01/01/2020 to 01/07/2022. Financial and industry information was collected from publicly available databases. The exchange rate from USD to GBP was 1 to 0.87 at the time of conversion (2022.09.01)

The full report can be found here:


NordLocker is the world’s first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows and macOS, supports all file types, offers a fast and intuitive interface and guarantees secure sync between devices. With NordLocker, files are protected from hacking, surveillance and data collection.

Further information


Follow us