Ransomware Attacks in the UK: Government Action 2025

Ransomware Attacks in the UK: Trends Since 2020

The UK Government defines ransomware attacks as “malicious software which infects a victim’s computer and demands a ransom from them to give them back access to their system, for their data to be restored, and often for the hackers not to publish the victim’s data on the web” (Gov.UK). The use of ransomware by cyber-criminals has spiked in recent years, specifically since the COVID-19 pandemic. The global cost of this malicious software was estimated at between £30 billion and £139 billion in 2020 (BBC). Not only is this disruptive software becoming more frequently used in cybercrime, but it has also become more effective in its goal to derail businesses and threaten the security of private data.

The National Cyber Security Centre (NCSC), a government organisation in the UK that protects public and private sectors from cyberattacks and helps to deal with cyber incidents, managed 430 cyber incidents between September 2023 and August 2024. Of these, 13 were ransomware attacks that were deemed to be nationally significant and posed a serious threat to essential services and/or the wider economy.

With this ever-increasing trend, governments and businesses all over the globe are taking measures to reduce the frequency of such events, as well as to mitigate the extent of damage caused by ransomware attacks. The UK Government, for example, on the 14th of January 2025, launched industry-leading proposals that look to protect public sector bodies from being targeted further by cybercriminals and ransomware.  

 

Recent Ransomware Threats Across the Globe

Cyberattacks in recent years have become progressively more disruptive, and dangerous, as the malware is further developed by cybercriminals. Here are some examples of recent attacks:  

The NHS, 2024: 

One of the many infamous cyberattacks in the UK was the critical incident in 2024, where the NHS’s pathology lab provider, Synnovis, suffered a huge data breach of almost one million patients’ sensitive data. The attack seriously disrupted the functioning of the business, as well as impeding patient treatment.

UAE Invest Bank, 2024: 

The UAE is frequently targeted by cybercriminals. Dr Mohamed Al Kuwaiti (Head of Cybersecurity for the UAE Government) explains that cyberattacks and the use of ransomware have increased in frequency and volume due to rising geopolitical tensions. For instance, malware attacks in 2024 on the UAE Invest Bank led to a $3 million ransom demand. After the sum went unpaid, the cybercriminals behind the attack published customer data, such as credit card details and purchase information.

The Costa Rican Government, 2022: 

Another example of a devastating ransomware threat was in Costa Rica in 2022. The government was forced to declare a national emergency as critical systems were crippled, with an estimated loss of $125 million from the import/export industry alone.

 

The UK Government’s Response

Governments all over the globe are dealing with this growing threat in different ways. However, the UK Government have announced proposals that no other government has yet considered. These suggestions were brought about by ransomware gangs routinely targeting schools, hospitals, and local councils in the UK, as they use malware to steal and corrupt private data. The UK Government’s suggestions include:   

  • Creating a ‘targeted ban’, making it illegal for all public sector bodies and critical national infrastructure to pay ransom demands to retrieve stolen data.
  • Imposing a ransomware payment prevention regime, which would support victims in how best to respond to a cyberattack and block payments to known criminal groups. This would prevent the money acquired through cybercrime from being used to finance other organised crime.
  • Introducing a mandatory reporting regime for ransomware incidents, to maximise UK Law Enforcement’s intelligence on cybersecurity threats.

These three proposals will be under consideration until April 2025. The Government hopes that their suggestions will make public sector businesses and organisations less attractive targets in the eyes of cybercriminals, with the ultimate goal of reducing the number of critical cyberattacks and cutting off the criminal gangs’ financial supply.

 

Implications of the Legislation

While such proposals are the first of their kind in the cybersecurity sphere, we must question the efficacy of such measures, in addition to the possible implications. As Lior Div, CEO at Cybereason, remarks, “It does not pay to pay ransomware attackers. Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end, only exacerbates the problem by encouraging more attacks”.   

With this in mind, the UK Government’s strategy certainly would reduce the occurrence of ransomware payments, which could have the desired outcome of also reducing the frequency of attacks. However, by introducing criminal sanctions for non-compliance with such regulations, the Government leaves businesses in a difficult position concerning the retrieval of the stolen data. A further question to ask in the face of these proposals is whether, in making public sector institutions less appealing targets for cybercriminals, attacks on smaller, private sector businesses will increase in frequency and severity.

 

How Are Other Nations Tackling Cyber Threats

Other countries, such as the USA, the UAE, and Australia, are taking different approaches to this growing concern; however, all agree on the severity of the threat.

In the USA, for instance, ransomware incidents in the healthcare sector in 2022 cost an estimated $1.85 million. In response to this, Anne Neuberger (a Senior White House Official) explained that the administration would look to implement defences that would make cyberattacks more difficult and more costly. That being said, with the new Trump administration, the future steps towards protecting the USA from cyberthreats are unknown, as the President’s National Security Advisor, Mike Waltz, has called for more offensive cyber operations to combat such issues.

The Australian Government have recently introduced their own ‘Cyber Security Act’, which requires private sector companies responsible for critical infrastructure assets to report ransomware attacks, as well as any payments made to cybercriminals.

The UAE, on the other hand, is working on new laws and regulations which are to be introduced in the coming months to legislate against ransomware attacks and to encourage businesses to be vigilant and proactive in the face of cyber threats.

 

TenIntelligence’s Thoughts

It is clear to see that cybersecurity and ransomware attacks are becoming more prevalent in our everyday lives. Some even predict that by 2031, a ransomware attack will occur every two seconds, due to the popularisation of RaaS (Ransomware as a Service) on the dark web. With this, governmental action is essential. Richard Horne, CEO of the NCSC, agrees that the UK Government’s proposals are a “vital step” to “protect the UK from the crippling effects of ransomware attacks and the associated economic and societal costs”, but also adds that “organisations of all sizes need to build their defences against cyber-attacks such as ransomware, and our website contains a wealth of advice tailored to different organisations”.

Thus, business owners are recommended to stay up to date and educate themselves on cybersecurity and data protection measures, paying special attention to Government recommendations.

 

Written by 

Rebecca Hemingway | Due Diligence Analyst