The UK's National Cyber Security Centre (NCSC) recently streamlined its guidance on how organisations can mitigate malware and ransomware attacks. Given Travelex's recent experience with ransomware and the new cyber risk created by the COVID-19 pandemic, the revised guidance is a timely reminder of the risks that organisations, public and private alike, must be ready to tackle, and tackle quickly.
While certainly not new, malicious software remains a lucrative tool for cybercriminals. Last year's Verizon Data Breach Report identified that nearly 30% of all data breaches involved some form of malware. In particular, ransomware, a type of malware which can generate speedy rewards as targeted organisations rush to recover access, appears to be on the rise.
In the updated guidance, the NCSC has retained some of its key commentary on strategies to mitigate malware and ransomware risk. Organisations are encouraged to implement layers of defence to prevent and contain infections by, for example, promoting staff awareness of cyber security risks, keeping software and infrastructure up to date, blocking known malicious sites and regularly filtering and inspecting content. The NCSC also endorses the National Crime Agency's advice to not pay ransoms.
However, by stripping out the more technical and detailed content, the NCSC seeks to make its new, shorter, guidance as relevant and accessible as possible. This will undoubtedly be welcomed by organisations across all sectors of society, and certainly not least by those who need quick access to advice.
Another key addition relates to offline backups. While backups have featured in the guidance for some time, the NCSC has decided to draw out the importance of keeping them offline in light of the recent incidents involving the 'Trickbot' banking trojan. By keeping regular backups of essential files separate from their network (and so 'offline'), organisations can prevent them from being bundled up with any encrypted and ransomed data. This can help ensure a level of business continuity at a critical time and speed up recovery from the attack.
"You should assume that some malware will infiltrate your organisation, so you can take steps to limit the impact this would cause, and speed up your response." (NCSC, Mitigating malware and ransomware attacks)