With cybersecurity attacks on the rise, the National Cyber Security Centre and the Information Commissioner’s Office is stepping up a campaign advising companies not to give in to ransomware requests.
As of 2021, the average cost of a cyber incident to organisations in the UK was highest in the energy sector, with a median cost of 35,439 U.S. dollars per cyber event (Source: Statista). Other business sectors where the impact cost of a data breach are high, include financial services, retail and wholesale, pharma and healthcare, transport and distribution. The costs were lowest in the travel and leisure industry.
Lindy Cameron, National Cyber Security Centre Chief Executive Officer, said there had been a recent rise in payments to “ransomware criminals”, adding: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone paying ransom demands to criminal organisations.
John Edwards, UK Information Commissioner, added: “Engaging with cyber criminals and paying ransoms only incentivises other criminals and will not guarantee that compromised files are released. It certainly does not reduce the scale or type of enforcement action from the ICO or the risk to individuals affected by an attack.
“We’ve seen cyber-crime costing UK firms billions over the last five years. The response to that must be vigilance, good cyber hygiene, including keeping appropriate back up files, and proper staff training to identify and stop attacks. Organisations will get more credit from those arrangements than by paying off the criminals.”
Ransomware involves the encrypting of an organisation’s files by cyber criminals, who demand money in exchange for providing access to them. These attacks are becoming more sophisticated and damaging and the UK Government is working with partners across the board to mitigate the threat. With this in mind, in December 2021 the National Cyber Strategy was launched to provide £2.6bn of new investment and strengthen the UK’s role as a responsible cyber power.
Tackling cyber-crime, in particular ransomware, is at the heart of the strategy which aims at increasing capability of law enforcement partners so they can better respond to cyber attacks. For instance, the National Cyber Crime Unit (NCCU) within the National Crime Agency (NCA) was created to bring together law enforcement experts into a single elite unit. There is also an established network of regional cyber-crime units (ROCUs) to provide access to specialist capabilities across the country.
What to do if your company is hit by a ransomware attack?
Organisations should report directly an ongoing incident to Action Fraud (0300 123 2040) and to the ICO (Information Commissioners’ Office on 0303 123 1113), if breaches come under GDPR regulations.
Advice on preventing attacks:
The NCSC advise using a “defence in depth strategy”.
The guidance states: “Since there’s no way to completely protect your organisation against malware infection, you should adopt a ‘defence-in-depth’ approach. This means using layers of defence with several mitigations at each layer. You’ll have more opportunities to detect malware, and then stop it before it causes real harm to your organisation.
You should assume that some malware will infiltrate your organisation, so you can take steps to limit the impact this would cause, and speed up your response.”
Information from the NCSC states, if your organisation has already been infected with malware, you should:
- Immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone based.
- In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
- Reset credentials including passwords (especially for administrator and other system accounts) – but verify that you are not locking yourself out of systems that are needed for recovery.
- Safely wipe the infected devices and reinstall the OS.
- Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you’re connecting it to are clean.
- Connect devices to a clean network in order to download, install and update the OS and all other software.
- Install, update, and run antivirus software.
- Reconnect to your network.
- Monitor network traffic and run antivirus scans to identify if any infection remains.