
It seems that both public and private organizations in the UK are increasingly becoming targets of cyberattacks. Recently, it was revealed that the British Horseracing Authority (BHA) had fallen victim to a ransomware attack, which compromised several servers within its IT infrastructure. The attack occurred during the first week of June 2025.
While the core operations of racing events and general administration have remained unaffected, the cyberattack primarily impacted the digital infrastructure. In response, some of the IT staff have been asked to work remotely while the authorities work to mitigate the damage.
The ransomware group behind the attack remains unidentified, with the details kept confidential for security reasons.
Why Are Western Entities Being Targeted?
This brings up a critical question: Why are businesses and organizations in the UK—and the West in general—being specifically targeted by cybercriminals?
The reasoning behind these attacks can be understood from two key perspectives:
1. Monetary Motivation: Hackers often target Western entities because they are more likely to pay a ransom. In these regions, data is often seen as essential to business operations, and losing critical information can lead to a devastating financial collapse. This makes these organizations prime targets for cybercriminals seeking financial gain.
2. Security Oversight: Attackers also operate on the assumption that many businesses in the West do not prioritize cybersecurity. This perceived weakness lets cybercriminals take advantage of poor defenses, often needing only minimal effort to breach these systems and secure a lucrative payoff.
In the past few weeks, several high-profile organizations have been targeted. Marks & Spencer, for instance, fell victim to the DragonForce ransomware, and it took nearly five weeks for the retail giant to fully recover its IT services. Co-op, another major UK company, experienced a cyberattack roughly seven weeks ago, followed by an assault on Harrods.
The Growing Menace of Double Extortion Ransomware
Ransomware attacks have evolved in sophistication. It’s no longer just about encrypting databases and demanding a ransom for decryption keys. With the rise of double extortion, hackers first steal sensitive data and then encrypt it, demanding a hefty ransom, usually in cryptocurrency, to restore access. If the victim refuses to pay, the stolen data is leaked on the dark web, often sold to other malicious actors for future exploits or social engineering attacks.
In some rare cases, cybercriminals escalate their attacks even further by contacting the victim’s customers and business partners, spreading misinformation, and attempting to damage the company’s reputation. This is known as triple extortion.
Who’s to Blame, and Where Is This Leading?
The question of who is responsible for these attacks—and what their ultimate impact will be—remains unresolved. But one thing is clear: The threat of cyberattacks is growing more sophisticated and disruptive. With organizations continuing to face cybercrimes that could ruin their operations, the need for better cybersecurity practices has never been more urgent.














