UK ransomware attacks have shifted from broad campaigns to targeted, human-operated "big game hunting" methods, with a primary extortion tactic now being data exfiltration instead of file encryption. Small and medium-sized businesses are disproportionately affected, largely due to vulnerabilities in outdated "zombie tech" like legacy IoT devices, with a single decade-old flaw in a Hikvision IP camera cited as a major attack vector. The average attack dwell time of 181 days underscores the critical need for organizations to improve breach detection and patch legacy system vulnerabilities.
Data Security , Ransomware , Threat Intelligence , Small business UK ransomware attacks shift to targeted methods, small businesses most affected April 23, 2026 Share By SC Staff Per Tech Radar, ransomware incidents in the UK saw a significant drop in volume last year, yet the number of successful compromises rose by 20%. This indicates a strategic shift by attackers toward more sophisticated and targeted approaches. Security researchers at SonicWall reported that ransomware actors have moved away from broad, untargeted attacks to more human-operated, "big game hunting" methodologies. Small and medium-sized businesses (SMBs) were disproportionately affected, experiencing ransomware in 88% of breaches compared to 39% in large enterprises. A significant contributing factor is the prevalence of outdated "zombie tech," with a single decade-old flaw in a Hikvision IP camera leading to 67 million attack attempts. Furthermore, the primary extortion tactic has evolved from file encryption to data exfiltration, as it is a cheaper and equally effective method for cybercriminals. The findings highlight a need for organizations to address their "zombie tech" vulnerabilities and improve breach detection capabilities, as the average attack remains undetected for 181 days. Source: Tech Radar An In-Depth Guide to Ransomware Get essential knowledge and practical strategies to protect your organization from ransomware attacks. Learn More SC Staff Related Data Security OpenAI’s Chronicle mirrors Microsoft Recall’s privacy concerns SC Staff April 23, 2026 Chronicle functions by taking screenshots of the user's screen and feeding them to OpenAI's Codex agent to augment its memory with contextual data. Security Operations UK intelligence warns of widespread commercial spyware access by governments SC Staff April 23, 2026 The UK National Cyber Security Centre's report highlights an increase to 100 nations having access to these hacking tools, up from 80 countries estimated last year. Data Security Rituals confirms data breach of customer membership database SC Staff April 23, 2026 Hackers gained access to Rituals' membership database, stealing data that includes customers' full names, dates of birth, gender, postal and email addresses, and phone numbers. Related Events Cybercast Beyond the Hype: The Cybersecurity Trends CISOs are Keeping an Eye on in 2026 On-Demand Event Cybercast Beyond the data perimeter: Why next-generation DSPM is the foundation for modern data security On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Checksum Ciphertext Corruption Covert Channels Cryptographic Hash Functions Cyclic Redundancy Check (CRC) Data Aggregation Data Loss Prevention (DLP) Information Warfare Reconnaissance You can skip this ad in 5 seconds