Cyber attacks are no longer rare events aimed only at large corporations. Over the past year, small and medium-sized businesses across the United Kingdom have become routine targets. Criminal groups increasingly look for easier entry points — weak passwords, unprotected devices, and staff caught out by convincing emails.
Recent security reporting shows a clear shift: attackers are moving faster, using automation and artificial intelligence tools, and exploiting identity weaknesses rather than breaking through complex technical defences.
Several named ransomware groups are currently active, including Qilin, Akira, Cl0p, BlackSuit, BQT.Lock, VolkLocker, Play, Hunters International, Safepay, INC Ransom, Lynx, and evolving LockBit variants. These groups are responsible for thousands of attacks globally, many of which directly affect small and medium-sized organisations.
Below are the most significant threats affecting businesses right now and what you can do to reduce your risk.
Identity Theft & Account Takeovers
Most successful breaches now begin with compromised login credentials rather than complex technical hacking.
Attackers obtain passwords through phishing emails, data leaks, password reuse, or brute-force attacks against remote access systems. Once inside an account, they can access email, reset passwords, impersonate staff, and move laterally through systems undetected.
Groups such as Akira and BlackSuit are known to exploit weak VPN access and stolen credentials to gain entry before deploying ransomware.
Reduce the risk:
• Use strong, unique passwords for all business systems
• Enable multi-factor authentication wherever available
• Remove access promptly when staff leave
• Avoid shared user accounts
AI-Enhanced Phishing & Social Engineering
Phishing remains the most common entry method for ransomware groups including Qilin, Play, and Hunters International.
Attackers now use artificial intelligence tools to generate highly convincing emails that mimic suppliers, colleagues, delivery companies, or financial institutions. Some campaigns target finance teams specifically, requesting urgent payment transfers or bank detail changes.
More advanced operations are even using voice impersonation and executive spoofing.
Reduce the risk:
• Treat urgent payment requests with caution
• Verify bank detail changes by phone using trusted numbers
• Train staff to inspect sender addresses carefully
• Never open unexpected attachments or links
Ransomware Targeting SMEs Directly
Ransomware groups are actively targeting smaller businesses because they often have weaker security controls and limited backup strategies.
Groups such as Cl0p specialise in exploiting file-transfer software vulnerabilities to steal large volumes of data. Others like Qilin, Akira, BQT.Lock, VolkLocker, Safepay, INC Ransom and Lynx typically encrypt systems and steal data before demanding payment.
Even after international enforcement action against earlier versions of LockBit, variants and copycat groups continue to circulate.
Modern attacks often use “double extortion” — encrypting systems and threatening to publish stolen data if payment is refused.
Reduce the risk:
• Maintain regular, tested offline backups
• Keep systems and software fully updated
• Restrict remote desktop and VPN access
• Enforce multi-factor authentication
• Use reputable endpoint protection across all devices
Supply Chain & Software Exploitation
Some groups gain entry not through direct attack, but by exploiting vulnerabilities in widely used software or service providers.
The Cl0p group has previously exploited file-transfer tools to compromise multiple organisations at once. Ransomware-as-a-service operations lower the technical barrier for criminals, meaning attacks are increasing in volume.
This means even well-run businesses can be exposed if a supplier or software platform is compromised.
Reduce the risk:
• Keep automatic updates enabled from trusted vendors
• Remove unsupported or legacy software
• Limit administrative privileges on workstations
• Monitor for unusual activity after software updates
Why Small Businesses Are Being Targeted
Smaller organisations often assume they are too small to attract attention. In reality, attackers see them as lower-resistance targets with valuable financial data, payroll systems, and client information.
Many ransomware operators now run structured affiliate programmes, meaning attacks are scaled and automated rather than individually crafted.
The impact of a successful breach can include operational shutdown, data loss, financial penalties, and long-term reputational damage.
Practical Steps Every Business Should Take
Even straightforward improvements significantly reduce risk:
• Enable multi-factor authentication across all systems
• Keep devices and software fully updated
• Use reputable antivirus and endpoint protection
• Maintain secure, tested backups
• Train staff regularly on phishing awareness
• Restrict user permissions to only what is necessary
Most successful attacks still exploit basic weaknesses rather than advanced technical flaws.
Taking preventative steps now dramatically reduces your exposure to threats such as Qilin, Akira, Cl0p, and the growing ecosystem of ransomware groups targeting small and medium-sized organisations.
For professional advice on securing your network, devices, and business systems in Cheltenham & Gloucestershire, contact us to discuss how we can help protect your organisation.