According to a new report by the cryptocurrency research firm Chainalysis, cyber-crime gangs faced a 40% drop in earnings in 2022. Many of these groups raise money by hacking companies’ IT systems and refusing to relinquish control or threatening to publish sensitive data if a ransom is not paid. The Chainalysis report indicates that victims of these “ransomware” attacks are increasingly reluctant to pay out.
Nevertheless, the number of ransomware attacks continues to grow despite the fact that these attacks are becoming less effective as a source of revenue. The threats posed by ransomware attacks are serious, and the consequences of data breaches resulting from such attacks can be enormous for those affected.
The prospect of cyber-criminals getting access to our sensitive personal information is understandably a frightening one, as it can lead to a range of damaging consequences, from financial losses to reputational damage and identity fraud. So, while it’s cause for celebration that cyber-criminal gangs are seeing falling revenue, it’s important to still be vigilant – and to know what steps you can take if your data is exposed.
Ransomware victims more reluctant to pay up
The Chainalysis report indicates a substantial drop in the payouts received by ransomware attackers between 2021 and 2022, from $755m to $457m. This estimate is based on payments made to cryptocurrency wallets that are known to be associated with cybercrime gangs. However, Chainalysis have noted that this figure is likely an underestimate, as it is virtually impossible to identify all the crypto wallets operated by such gangs.
In an interview with the BBC, the cybersecurity specialist Bill Siegel noted that his clients were increasingly refusing to pay ransoms to hackers. He noted that only 41% of his clients paid ransoms in 2022, down from 70% in 2020.
Ransomware attacks still a risk
However, evidence shows that ransomware attacks are continuing to rise – and the UK is facing a particularly high risk. An analysis of ransomware attacks between January 2020 and July 2022 found that UK businesses suffered the third-highest rate of attacks in the world, with only the US and Canada being more frequently targeted. It is perhaps no coincidence that research has also found UK firms are the most likely to pay ransoms to cybercriminals.
We can look at a number of recent, high-profile cases to suggest that little has changed in the subsequent months since these analysis were published:
- In December last year, The Guardian newspaper suffered a ransomware attack that resulted in the personal data of its UK staff members being accessed. Most staff were forced to work from home into the new year as a result of the attack.
- In January, the Royal Mail suffered an attack by the prominent Russian-based ransomware gang LockBit. As of late February, the gang was continuing to leak stolen data related to Royal Mail employees in order to pressure the organisation into paying up.
- The same month, the high-profile hacking group Vice Society stole sensitive data from 14 UK schools, including passport scans and student disciplinary records. The group made the stolen data available on its site on the dark web after failing to receive a ransom payment.
As you can see, despite the decline in ransom payments to cyber-criminals in 2022, ransomware attacks still pose a major threat to the personal data held by UK companies.
While this is concerning, it’s important to know that there are steps you can take if your data is exposed in a data breach, whether this is caused by a cyber-attack or through some other means. This includes seeking compensation if you have suffered damages as a result of the breach, including financial losses or emotional distress.
HNK Solicitors can support your data breach claim
If your data has been exposed as the result of a cyber-attack, it can be an extremely distressing experience. The prospect of having your personal information made freely available online is deeply worrying, and understandably so – the consequences can be severe.
If you’ve been affected by a data breach, you should be aware that companies have a legal responsibility to protect any personal data they store. If they have failed to uphold this responsibility, you may be entitled to compensation to offset any damage caused.
If you are a data breach victim and considering seeking compensation, it’s important that you consult a specialist solicitor who can offer in-depth knowledge of data protection regulations to help support your case.
Here at HNK Solicitors, our team of data breach solicitors have helped many clients to secure the compensation they deserved after having their personal information exposed in a data breach. Our team offers free consultations to data breach victims, so get in touch today to find out more.