Ransomware activity in the UK dropped sharply in 2025, but more organisations are being successfully compromised, pointing to a shift towards more targeted and effective attacks.
According to data from SonicWall, ransomware detections fell by 87% year on year, yet the number of organisations affected increased by 20%. The figures suggest attackers are moving away from high-volume campaigns towards “big game hunting” tactics that focus on fewer, higher-impact targets.
While total ransomware hits declined from 18.2 million to 2.3 million, the number of impacted organisations rose from 144 to 173, indicating that attacks are becoming more precise and harder to detect .
Spencer Starkey, executive vice president for EMEA at SonicWall (pictured), said the drop in volume masks a more concerning trend. “More organisations are being successfully hit, and attackers are doing it with far greater precision.”
Smaller organisations remain particularly exposed. Ransomware featured in 88% of SMB breaches, compared with 39% in large enterprises, while England accounted for 96.7% of UK ransomware hits, reflecting the concentration of targets in London and the South East .
Alongside this shift, the report highlights a growing “Zombie Tech” problem, with outdated systems continuing to drive attack activity. A single vulnerability in Hikvision IP cameras generated 67 million attack attempts, more than 20% of serious intrusion activity, while exploits such as Log4Shell and Shellshock remain widely used .
“Zombie Tech continues to haunt UK networks,” Starkey said. “We’re seeing millions of attacks tied to long-known vulnerabilities.”
The findings underline a more complex threat landscape, where lower volumes do not equate to lower risk. Instead, attackers are combining automation with precision targeting, increasing the likelihood of successful breaches and reinforcing the need for organisations to address both basic vulnerabilities and more advanced threats.
