Major Hacks Highlight Evolving Ransomware Threat in Europe


A string of major hacks in Europe has put ransomware in the spotlight.

A type of malware that infects computer networks, ransomware threatens to publish the victim’s data or permanently block access to it unless a ransom is paid. And while some ransomware may lock the system without damaging any files, attacks often encrypt files and demand payment in return for the decryption keys.

The first incident to make headlines this month was a breach of the British postal service’s IT systems reported on Jan. 11. In a since-deleted tweet, Royal Mail asked people to stop sending mail abroad due to a “cyber incident” that was causing severe disruption.

While the mail operator made no further public comments, within days media outlets were reporting that the notorious hacker group LockBit and its eponymous ransomware were behind the disruption.

In comments emailed to PYMNTS, Hanah-Marie Darley, head of threat research at the U.K.-based cybersecurity firm Darktrace, called LockBit “one of the largest and most prolific ransomware gangs in operation.”

She noted that while the group typically targets financial institutions, in the past 18 months, LockBit has also attacked the French Justice Department, the U.K. Girl Guides charity and the German pension manager Heubeck AG.

What’s more, she added that “a key, wider trend at play here is the commoditization of cyber-crime, as seen with [ransomware-as-a-service].”

She further explained that, rather than the LockBit threat coming from a distinct group of individuals, the malware is auctioned off to the highest bidder, making it more difficult to identify the specific actor behind any given attack.

In the latest development of the Royal Mail case, on Tuesday (Jan. 17), the company’s CEO, Simon Thompson, acknowledged the “cyber attack” when speaking to a parliamentary committee — a telling change of tone from the company’s previous reference to a “cyber incident.”

Thompson added that while the mail service believes that no customer data has been compromised, it is prepared for that situation to change and has notified the U.K. data protection authority as a precaution.

Hackers Threaten Global Businesses

The day after Thompson testified in Parliament, the Norwegian company DNV announced that servers hosting its ShipManager fleet management platform had also fallen victim to a ransomware attack.

In the ShipManager case, the firm said that about 70 customers operating around 1,000 vessels had been affected, adding that the affected customers had been advised to consider mitigating measures depending on the types of data they had uploaded to the system.

That same week, fast-food company Yum Brands announced that 300 restaurant branches in the U.K. had been shuttered for 24 hours due to a ransomware attack that knocked out its IT systems. And while the company has admitted that data was stolen during the breach, it said that no customer information was compromised.

Overall, recent events point to increasingly sophisticated ransomware attacks, but with criminal organizations targeting major businesses, analysis from blockchain analytics company Chainalysis suggests that fewer victims are paying out.

In a report published this month, the firm revealed that ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.

And while the company accepts that the actual figure is likely to be much higher than its data shows, the general trend is clear: ransomware payments are down. In fact, the data suggests that in 2022, after several years of decline, just 41% of ransomware victims paid out, compared to 76% in 2019.

Commenting on the latest data, Darktrace’s Darley said that while paying up as a method of recovery may have decreased, this represents “more of a metamorphosis or evolution in ransomware than a decline.”

Explaining that the availability of, and appetite for, high-value data that can be sold for profit is increasing with digital transformation, Darley said that extortion is just one monetization option available to criminal groups who compromise secure systems.

As such, she cautioned that “we are unlikely to see ransomware go away anytime soon and attackers will pivot to new methods of financial gain.”
