Ransomware guidance for victims | Professional Security

Joint guidance from insurance trade bodies, co-sponsored by the UK's official National Cyber Security Centre (NCSC), part of the Government listening agency GCHQ, has been released for ransomware victims.

NCSC CEO Felicity Oswald announced it in a speech on the first day of CYBERUK, an official cyber security conference. She said: “It’s really encouraging to see all corners of the insurance industry unite to support victim organisations with guidance that will help them to better understand their options and reduce harm and disruption to their businesses.

“The NCSC does not encourage, endorse or condone paying ransoms, and it’s a dangerous misconception that doing so will make an incident go away or free victims of any future headaches. In fact, every ransom that is paid signals to criminals that these attacks bear fruit and are worth doing. This cross-sector initiative is an excellent next step in foiling the ransom business model: we’re proud to support work that will see cyber criminals’ wallets emptier and UK organisations more resilient.”

The guidance acknowledges that the ‘ultimate decision whether to pay the ransom is with the victim’, and calls ransomware ‘the key cyber threat facing UK organisations’.

The Association of British Insurers (ABI), British Insurance Brokers’ Association (BIBA) and International Underwriting Association (IUA) are urging victim organisations to adhere to the ‘Guidance for organisations considering payment in ransomware incidents’.

Briefly, the guidance asks victims of ransomware not to panic – because that may play into the hands of the criminals who want to extort money, usually cryptocurrency; and to review alternatives to paying, such as seeing if you have ‘viable backups’. Where possible, consult the experts – ‘external experts such as insurers, the NCSC, law enforcement or cyber incident response (CIR) companies’. The guidance points out that even if a decryption key is acquired from the criminals, that’s no guarantee you can access your devices or data again. Those experiencing a ransomware attack ‘can report it’, the guidance ends; the NCSC works on incidents of ‘national significance’.

Developed from an NCSC-sponsored research paper by the defence think-tank Royal United Services Institute (RUSI), the guidance sets out recommendations that aim to empower organisations and associated third parties to make informed decisions when faced with ransomware. A report in December by the House of Commons Joint Committee on the National Security Strategy (JCNSS) called for “more detailed”, accessible guidance “on how best to avoid the payment of ransoms after an attack”. The MPs raised concerns about swathes of UK critical national infrastructure; supply chains; and healthcare and local government. Recent print editions of Professional Security Magazine have given case studies of ransomware faced by the University of Manchester; the British Library; and Humberside Fire & Rescue Service.

The MPs complained that most victims receive ‘next-to-no support from law enforcement or Government agencies’, and described the National Crime Agency as ‘locked in an uphill struggle’ against ransomware.

Raghu Nandakumara, Head of Industry Solutions at the zero trust platform Illumio, said: “It’s good to see more guidance to support businesses with dealing with ransomware and we fully endorse the NCSC’s goal of reducing ransomware payments. Paying ransomware only breeds more attacks, so the only way to completely eradicate ransomware is to stop payments being made.

“At the same time, we also need to see more guidance to help businesses build resilience and contain attacks. More often than not, recovery plans are inadequate or have not been properly tested, which makes them unviable when a real incident does occur. As a result, organisations are left with no choice but to pay the ransom to restore operations and productivity levels as quickly as possible. The NCSC should encourage businesses to adopt an ‘assume attack’ mindset. This is not admitting defeat, instead it focuses on preparing to respond effectively to a cyber incident and building resilience.”
