Organizations in the United Kingdom reportedly suffered a record number of ransomware attacks last year, according to analysis of a dataset published by the Information Commissioner’s Office (ICO).
In its data security incident trends, which are reported to the data protection regulator, the ICO found that criminals compromised data on potentially more than 5.3 million people from over 700 organizations, the team at Elliptic noted in a blog post.
Elliptic also mentioned that ransomware is “a form of cybercrime in which bad actors use malware to encrypt data on victims’ computers or deny them access to critical systems, and demand a ransom payment in return for restoring access to the victim.”
Elliptic further explained that this form of crime “has existed for several decades, and it has become especially lucrative in recent years as criminals have identified ways to launch attacks with increasing effectiveness and efficiency.”
According to analysis of the ICO data, ransomware attacks “in the UK have been steadily increasing. Such breaches reportedly accounted for 20% of all cyber crime incidents in 2020, before rising to 28% the year after and then 34% in 2022.”
Worryingly, the real number of ransomware incidents “is actually unknown, as victims are not required to report attacks to UK law enforcement.” Furthermore, darknet extortion sites only provide “a partial count of victims who refuse to pay ransoms.”
This has concerned UK enforcement agencies, “which are fearful that ransomware victims are keeping incidents a secret.”
In May 2023, the ICO and the National Cyber Security Centre (NCSC) published “a joint blog post saying they were ‘increasingly concerned’ that affected organizations are keeping such incidents hidden from regulators and law enforcement.”
The attacks are, of course, not simply “confined to the UK, and the scope and scale of these breaches is growing.”
As noted in the update from Elliptic, cryptoassets have featured “heavily in the growth of ransomware.”
Most ransomware payments are “made in Bitcoin, which enables attackers to receive payments from victims into private Bitcoin wallets that are not held at a regulated institution.”
However, after receiving payment in Bitcoin from their victims, ransomware attackers generally need “to convert their funds at a crypto exchange or other VASP into fiat currencies, such as Russian rubles, euros or other currencies.” And because the Bitcoin blockchain is highly transparent, the flow of funds from these attacks “can be observed as ransomware gangs attempt to launder them through the crypto ecosystem.”
Ransomware attackers may use services “such as decentralized exchanges (DEXs), which allow them to swap assets seamlessly, and cross-chain bridges, which allow for the movement of funds across different blockchains, in order to obscure a sanctions nexus to their activity.”