Hacking Havoc: How the UK was Targeted by Cybercriminals

The UK and the US

Between April 2022 and March 2023, the UK had the second-highest number of recorded ransomware attacks worldwide, following the United States. However, the number of ransomware attacks in the United States far outnumbers that of the UK. Given the large discrepancy between the two countries, it would be simple to conclude that ransomware is, first and primarily, an American problem.

It isn’t.

Fragile State of Education

The BBC stated that Vice Society, the second-most frequent ransomware attack after LockBit, had attacked 14 institutions in the UK in 2023 alone, including Carmel College in St Helens, Durham Johnston Comprehensive School (hacked in 2021, documents put online in January 2022), and Frances King School of English in London/Dublin.

Vice Society does not reinvent the wheel when it comes to breaking into its victims' networks. To gain a foothold, it employs well-known techniques like as phishing, compromised credentials, and exploits. To escape detection by security technologies, Vice Society is also known to employ genuine software in its attacks. This approach, known as "living off the land," allows the gang to remain hidden on the victim's networks. Windows Management Instrumentation (WMI), which allows administrators to manage and monitor PCs from a remote location, is one of the tools it prefers. The only viable approach to detect attackers living off the grid is to use EDR software managed by trained security personnel or a service like MDR.

We can only surmise as to why Vice Society is so interested in UK schools, colleges, and institutions, but we do know that the industry is not exactly flush with cash. Following an increase in inflation in 2022, the UK's main teaching union opted to strike in order to improve wages for its members. The strikes are not the source of education's susceptibility to ransomware, but they are indicative of the UK education system's deteriorating financial status.

Our hypothesis: cybersecurity was one of many responsibilities being carried out by a small number of IT professionals who were under immense pressure, underpaid, and ill-equipped to deal with a ransomware gang like Vice Society.

Overall, there was no safe haven for organizations in the UK over the last year. Ransomware gangs targeted the whole Anglosphere, not just the United States. As a member of that alliance, the United Kingdom was and very definitely will stay on the front lines fighting ransomware.

The UK education sector should be concerned that, despite having a plethora of targets to pick from, ransomware gangs have chosen it for disproportionate attention. To ward off the determined attentions of attackers who smell an opportunity, it will need to rethink, reskill, and retool its response to ransomware more than any other sector.

How to Prevent Ransomware

• Block common entry points. Create a plan for swiftly patching vulnerabilities in internet-facing systems; block or harden remote access such as RDP and VPNs; and utilize endpoint security software capable of detecting exploits and malware used to spread ransomware.
• Detect intruders. Make it more difficult for intruders to function within your organization by carefully segmenting networks and allocating access privileges. EDR or MDR can be used to detect anomalous behaviour before an assault occurs.
• Put an end to malicious encryption. Deploy Endpoint Detection and Response software, such as , which detects ransomware using several detection algorithms and performs ransomware rollback to restore affected system files.
• Make remote and offline backups. Backups should be kept offsite and offline, out of reach of attackers. Test them on a regular basis to ensure that you can quickly restore critical business functions.
• Avoid being attacked twice. To avoid being attacked again, once you've isolated the outbreak and ended the first attack, you must delete all traces of the attackers, their malware, tools, and ways of entry.
• Engage the services of a team of experts who can keep your data safe.