The UKs cyber security experts have warned of a growing wave of increasingly sophisticated ransomware attacks in their first joint advisory with international partners on the threat.
Image courtesy NCSC
The advisory from the National Cyber Security Centre (NCSC), Australian Cyber Security Centre (ACSC), Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) details both the threat picture for 2021 as well as the mitigation steps organisations can take.
Ransomware attacks involve the blocking of access to computers or data by cyber criminals, who then demand payment from the victim before they can retrieve it. In 2021, cyber authorities observed a number of ransomware trends, including:
increased use of cyber criminal ‘services-for-hire’
sharing of victim information between different groups of cyber criminals
diversifying approaches to extorting money
Ransomware groups also increased the impact of their attacks by:
targeting cloud services
attacking industrial processes and the software supply chain
launching attacks on organisations during public holidays and weekends
The advisory follows the NCSC’s recently launched Ransomware Hub, which is a one-stop shop for advice on how ransomware works, on whether a ransom should be paid, and how to prevent a successful attack.
NCSC CEO Lindy Cameron said: “Ransomware is a rising global threat with potentially devastating consequences but there are steps organisations can take to protect themselves.
“To help ensure organisations are aware of the threat and how to defend themselves we have joined our international partners to set out the very latest threat picture alongside key advice.
“I strongly encourage UK CEOs and Boards to familiarise themselves with this alert and to ensure their IT teams are taking the correct actions to bolster resilience.”
The joint advisory also offers mitigation advice to network defenders which will reduce the risk of a compromise, which includes implementing a requirement for multi-factor authentication, Zero Trust architecture, and a user training programme with phishing exercises.
UK organisations which fall victim to a cyber attack should report the incident to the NCSC’s 24/7 Incident Management team.
Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre, said: “Ransomware remains one of the most disruptive cyber threats to organisations and individuals. This global problem requires a global solution. That is why the ACSC is joining with our US and UK partners to issue this advisory, providing a coordinated global response to counter these cyber threats.
“It is critical that individuals, businesses and industry follow the advice and mitigation strategies in this joint advisory to strengthen your networks and uplift your defences to protect yourselves against this threat.”
CISA Director Jen Easterly said: “We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim.
“Reducing risk to ransomware is core to CISA’s mission as the nation’s cyber defense agency, and while we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience.
“With our NCSC-UK, ACSC, FBI, and NSA partners, we urge organizations to review this advisory, visit stopransomware.gov to take action to strengthen their cybersecurity posture, and report unusual network activity or cyber incidents to government authorities.”
Assistant Director Bryan Vorndran of the FBI's Cyber Division said: “The FBI is committed to protecting the public from the rise in ransomware attacks that we have seen in recent years.
“With our partners in and outside of government, the FBI is working to bring all our tools to bear against these criminals. It is critical for business leaders across industries and the public to take action immediately to harden their systems and work with law enforcement to tackle this threat.”
NSA Cybersecurity Director Rob Joyce said: “When critical infrastructure is held at risk by foreign hackers operating from a safe haven in an adversary country, that’s a national security problem.
“The ransomware scourge is a significant focus area for NSA as we generate insights alongside our partners. Network defenders should take action on the mitigations in the advisory.”