UK cyber and crime agencies have highlighted an increase in ransomware, data theft and extortion attacks as a rapidly evolving cyber crime ecosystem takes advantage of weak online security.


The National Cyber Security Centre (NCSC) and National Crime Agency (NCA) published a white paper this week, detailing the tactics of organised criminal groups in launching ransomware, data theft and extortion attacks and the security vulnerabilities that allow them to succeed. In this blog post we summarise the key takeaways and recommendations.

The cyber crime ecosystem

As businesses have progressed in planning for and responding to cyber attacks, ransomware groups have evolved and adapted to survive and maximise profits. Ransomware and extortion attacks have evolved into elaborate business models with multiple enabling services, platforms, distributors, and affiliates involved in the process.

The development of “Ransomware as a Service” means that cyber criminals no longer need extensive computing knowledge and technical skills because they can easily access software and tools to carry out attacks.

Cryptocurrency has made it easier for criminals to obtain payment and harder for them to be traced. International cooperation is required to pursue cyber criminals but not all countries are on board. The NCA’s National Strategic Assessment 2023 noted that “Russian-language criminals operating ransomware as a service continue to be responsible for most high profile cyber crime attacks against the UK”.

The attacks

Ransomware is the biggest development in cyber crime in the last 6 years. In a ransomware attack, cyber criminals encrypt data and files on the victim’s systems and demand a payment to unlock them.

Increasingly, cyber criminals are also stealing and threatening to publish sensitive data to extort payments – either as part of a ransomware attack or as a standalone attack.

There has been an increase in high-profile attacks in the UK in recent years. Critical care services provided by local authorities and various educational institutions have been compromised, and ransomware will continue to be a significant threat to UK individuals, businesses, and organisations.

Impact on victims

Ransomware attacks can be devastating for organisations – affecting every aspect of their operations and disrupting their relationships with customers or the public. Recovery is often lengthy and costly.

Theft of sensitive data exposes the organisation to financial loss, reputational damage, regulatory fines and penalties, compensation claims, and potential further criminality such as fraud.

Data protection authorities (such as the Information Commissioner’s Office in the UK) can enforce penalties for failure to adequately protect personal data regardless of whether the stolen personal data is published. Depending on the severity of the breach and other factors, fines could in theory reach up to £17.5m or 4% of annual global turnover, whichever is higher.

Security vulnerabilities and how to fix them

The vast majority of ransomware attacks are not targeted at particular sectors or caused by sophisticated attack techniques. They are often simply opportunistic or the consequence of poor cyber hygiene – e.g. unpatched devices or weak passwords. Implementing the measures set out in the NCSC guide to ransomware would interrupt the majority of attacks.

How can we help?

With organisations operating in a trust economy, earning and protecting consumer trust has never been more important. With the largest cyber and data privacy team in Scotland, Burness Paull’s specialist lawyers provide a full range of legal services in relation to cyber security, from resilience building and compliance management to urgent legal support as part of breach response, regulatory reporting and engagement and the management of consequential legal claims by affected data subjects.

If your organisation is victim to a cyber incident, or you want to take proactive steps to build cyber resilience, our team of experts can assist. Get in touch to find out how we can help.

To find out more about the trust economy, read our thought leadership paper exploring some of the key themes here.

Written by

Hazel Moffat

Partner | Board Member

Public Law

hazel.moffat@burnesspaull.com +44 (0)131 473 6328
