As a new international action plan calls for urgent action to tackle ransomware, the NCSC reminds organisations of what steps they can take now to protect themselves from this growing threat 

The ransomware threat is increasing – both in terms of scale and harm. The UK’s National Cyber Security Centre’s (NCSC) 2020 Annual Review noted that they handled three times as many incidents than the previous year. Attackers are becoming more sophisticated, spending time in systems to ensure they encrypt the highest-value data assets and targeting online back-ups to hinder recovery. The disruption it causes, and critical infrastructure being targeting (including hospitals and schools) alongside corporates means it is now a national security threat, as well as a key risk for organisations.

Ransomware Taskforce Framework

On 29 April the Ransomware Taskforce published a report setting out a comprehensive framework for action and key recommendations to combat ransomware. The taskforce is new a US-led team made up of governments, tech firms (such as Amazon and Microsoft), cyber security experts and academia from around the world. The NCSC contributed to its work. The framework is primarily aimed at the US Government, although it recognises the international nature of ransomware and that many of its recommendations will impact industry. It is organised around four goals:

1. deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy;

2. disrupt the ransomware business model and reduce criminal profits;

3. help organizations prepare for ransomware attacks; and

4. respond to ransomware attacks more effectively.

The report outlines 48 recommendations that Governments and industry leaders can action to mitigate the ransomware threat. Priority recommendations include that Governments should:

- establish Cyber Response and Recovery funds to support ransomware and mandate that organisations report ransomware payments, and consider alternatives before making payments. While we imagine the former will be welcomed by organisations, the latter will be a sobering thought for those considering paying; and

- regulate more closely the cryptocurrency sector that enables cyber crime.

For those looking to increase their knowledge on the ransomware threat, the report contains some useful insights. It describes how ransomware works, who the main threat actors are and how issues like cyber security do, and could in the future, impact ransomware (once the market matures and insurers adopt standard security baseline requirements). On the insurance point, the report highlights that ransomware attacks are the most common reported cyber insurance claim, according to Coalition (a US cyber insurance firm). In the first half of 2020, Coalition observed a 260% increase in the frequency of ransomware attacks among its policyholders, with the average ransom demand increasing 47%.

Action organisations can take now

The NCSC has used the launch of the framework to remind UK organisations to prepare for such an attack, since there are limited actions that can be taken once a ransomware attack hits. This includes:

- Following their Mitigating Malware and Ransomware guidance (updated in March 2021) which provides guidance on how organisations can secure their network against a ransomware attack.

- Testing response plan using the NCSCs Cyber Exercise Creation guidance.

Finally, it will be interesting to see how, or if, the UK Government directly tackles ransomware in its upcoming Cyber Strategy (expected to be published this year) and whether this framework and its recommendations will influence the UK Government’s approach.