
NCSC report on ransomware

by Mark Rowe

The UK's official National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) in the United States have published a joint paper on the evolution of the business models and underpinnings of the cybercriminal ransomware ecosystem.

See also the blog post on the NCSC website. Since 2018, the authorities say, businesses have been getting better at preparing for and responding to ransomware attacks. At the same time, OCGs (organised crime groups) have been adapting, to maximise payouts.

As the NCSC warns, ransomware victims – besides being locked out of their systems – also have the worry of their sensitive data being leaked online, and with it the risks of reputational damage, and fines for data protection law breaches.

NCSC CEO Lindy Cameron said: “Organised crime groups have continued to evolve in recent years, with the growth of the ‘ransomware as a service’ model sadly leading to more attacks.

“Our joint report reveals the complexities of the cyber crime ecosystem, with its different platforms, affiliates, enabling services and distributors, which all contribute to the devastating outcomes of ransomware attacks on the UK’s organisations.

“While the NCSC is resolute in tackling this threat with our partners, all organisations must take action to protect themselves. I urge network defenders to read this report and to implement our ransomware guidance to boost their cyber resilience.”

And Home Office Security Minister Tom Tugendhat said: “The UK is a top target for cybercriminals. Their attempts to shut down hospitals, schools and businesses have played havoc with people’s lives and cost the taxpayer millions.

“Sadly, we’ve seen an increase in attacks. This report is a timely reminder of the threats we face, and the importance of ensuring we all do as much as we can to defend ourselves.

“I will ensure our world-class law enforcement and intelligence agencies continue to use their full capabilities to stay on top of emerging threats and protect our businesses and institutions.”

Comment

Michael Smith, field CTO at the cloud platform Vercara says: “Ransomware continues to be the most dominant threat to UK organisations and is having catastrophic consequences on critical national infrastructure (CNI) and other vital services. While many cyberattacks leave businesses unscathed, 18 ransomware incidents elicited a national level response or government intervention. Given increased geopolitical tensions and a rise in cyberwarfare, international leaders and governments have acknowledged this threat at a global scale and the risk it poses to crucial services. Just last year, the European Commission proposed new rules to ensure greater consistency and efficiency in cyber and information security measures across EU institutions, bodies, offices and agencies.

“All this data highlights the scale of the challenge ahead for the cybersecurity sector. Cybercriminals attack everybody, it’s their means of revenue. All business leaders must assume that at some point they will be one of their targets. The criminals running these campaigns are looking to cause as much disruption as possible with maximum impact and even bigger reward. Earlier forms of ransomware typically resulted in downtime or unavailable data, but newer strains are emerging, and threat actors are constantly changing their tactics with some threatening a Distributed Denial of Service (DDoS)-style attack.

“Attackers often adopt a triple extortion method or contact the organisation’s customers as a quadruple extortion by using the same malware and various paths to monetisation. Double, triple and even quadruple-extortion pulls organisations from corrective controls focused on asset and data availability, such as backup and recovery, to detective and preventative controls focused on integrity and confidentiality. Whereas double-extortion ransomware involves multiple host or network events that can be detected and traced. Typically, this process includes infection through phishing or a drive-by web browser download, then malware command and control, data discovery across the network and, finally, there is exfiltration of the data.”

Visit https://www.ncsc.gov.uk/whitepaper/ransomware-extortion-and-the-cyber-crime-ecosystem.

Meanwhile in a survey last month of 205 IT security decision makers for the cyber SOC (security operations centre) Integrity360 by Censuswide, ransomware was ranked fourth among challenges causing ‘sleepless nights’, behind data theft, managing risk and compliance, and identity protection.

Brian Martin, Head of Product Development, Innovation and Strategy at Integrity360 said: “IT environments have become increasingly complex with many enterprises now employing multi-cloud strategies and multiple products, which can leave gaps in security, and see businesses paying for underutilised and overlapping tools unnecessarily. Consolidation of cybersecurity architectures can strengthen risk posture, reduce the number of tools and vendors in place, eliminating silos, reducing costs and improving overall security posture.”

Of the 205 IT security decision makers surveyed, some 89pc of respondents reported an increase in the volume of security alerts over the past 12 months, with 76pc reporting an increase of between 1-50pc in alerts. Some 26 percent of those reported a 26-50pc increase in alerts.

Martin added: “Businesses are navigating a digital landscape fraught with risks and data theft is clearly weighing heavy on the minds of those tasked with keeping it safe. Whilst the threats continue to increase, and the alerts rise alongside, so too does the pressure on those tasked with keeping business data secure. Enlisting the help of a Managed Security Services Provider (MSSP) can benefit businesses with the expertise, resources, and round-the-clock vigilance needed to protect sensitive data and respond effectively and efficiently to incidents, affording security teams the opportunity to apply their time and resources to other priorities.”


© 2024 Professional Security Magazine. All rights reserved.
