The past 12 months saw ransomware attacks hit new levels of sophistication, with cyber criminal gangs turning to increasingly professional-style tactics and targeting more impactful victims – and these trends are highly unlikely to fade as we move further into 2022.
That is according to the UK’s National Cyber Security Centre (NCSC), which has today teamed with its Australian and US counterparts to issue a joint advisory on the ransomware threat.
The partners have taken the decision to issue an alert now out of a desire to make sure that the focus on ransomware – which hit new heights last year thanks to a series of major incidents and government pushback – does not taper off, and to remind IT pros that the threat is still a live one.
“Ransomware is a rising global threat with potentially devastating consequences, but there are steps organisations can take to protect themselves,” said NCSC CEO Lindy Cameron.
“To help ensure organisations are aware of the threat and how to defend themselves, we have joined our international partners to set out the very latest threat picture alongside key advice.
“I strongly encourage UK CEOs and boards to familiarise themselves with this alert and to ensure their IT teams are taking the correct actions to bolster resilience.”
The NCSC highlighted the increased use of cyber criminal services for hire – with some gangs seeking specialist skillsets and even outsourcing aspects of their operations; collaborating with others to share information on their targets and victims; and diversifying their approaches to extorting money – double-extortion attacks are morphing in some cases into triple-extortion attacks, a encryption-leak-DDoS (distributed denial-of-service) combo special.
Ransomware crews are also targeting cloud and managed service providers – Kaseya being among the most high-profile examples; the software supply chain – as per the SolarWinds incident; and industrial processes – such as the ongoing attacks against European oil facilities. Gangs are also seeking extra impact by launching their attacks on weekends or public holidays, when security teams are more likely to be running a skeleton staff.
The advisory also offers mitigation advice to defenders to reduce the risk of compromise, including implementing multi-factor authentication, zero-trust network architectures (ZTNA) and user training.
The NCSC advised IT teams to check out its recently launched Ransomware Hub, billed as a one-stop-shop for advice and guidance. UK-based organisations that, despite their best efforts, do fall victim to ransomware attacks should report any incident to its 24-7 incident response team. Note that using this service does not generate a report to the Information Commissioner’s Office (ICO), and you should use the ICO’s own services if data has been breached to an extent that reporting is necessary.
Organisations in Australia and the US should use the relevant information services and reporting mechanisms available in those jurisdictions.
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said: “We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim.
“Reducing risk to ransomware is core to CISA’s mission as the nation’s cyber defence agency, and while we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience.
“With our NCSC-UK, ACSC, FBI and NSA partners, we urge organisations to review this advisory, visit stopransomware.gov to take action to strengthen their cyber security posture, and report unusual network activity or cyber incidents to government authorities.”
