Businesses urged not to give in to ransomware cybercriminals as authorities see surge in payments | Scientific and technical news

Businesses urged not to pay cyber extortionists as authorities claim to have evidence of increased ransomware payments.

In a joint letter to the Law Society, the National Cyber Security Center (NCSC) and the Office of the Information Commissioner are warning lawyers who may have advised their clients to pay.

It follows cybersecurity experts from the UK, US and Australia earlier this year Attention of a “growing wave of increasingly sophisticated ransomware attacks” that could have “devastating consequences”.

The joint letter states that while ransomware payments are “not exceptionally illegal”, those who pay them “should be mindful of the relevance of sanctions regimes (especially those related to Russia)” when considering making the payment.

The United States sanctioned in December 2019 any financial transaction with a Russian cybercrime group accused of having work with Russian intelligence to steal classified government documents.

WHAT IS RANSOMWARE?

Ransomware is a type of malware (malicious software) that attackers can deploy on a victim’s computer network to encrypt their files and render their devices inoperable.

With modern ransomware attacks, criminals then extort the victim to pay huge sums of money, often in Bitcoin and sometimes worth millions of pounds, to decrypt their files and make them accessible again.

But the criminal system involved – made up of skilled networks of individuals who specialize in their particular roles – has developed a multi-faceted model of extortion that involves stealing sensitive files and threatening to post them online in case victims might recover their files from unencrypted backups, or simply refuse to pay.

If released, these files, which may relate to sensitive business transactions or may include customer information, could damage the reputation of the victimized business, impact its stock price or even potentially lead to a class action lawsuit, all of the potential impacts pointed out by the criminals as part of their extortion scheme.

But as the UK’s National Cyber Security Center warns: “Even if you pay the ransom, there is no guarantee that you will gain access to your computer or files. »

Despite the fallout from the Russian war in Ukraine – in one case disconnect 5,800 wind turbines in Germany – the NCSC claims to have detected no increase in hostile activity targeting Britain during the conflict.

The companies have, however, been warned that there is an increased level of threat from cyberattacks due to the conflict which is likely to be here ‘for the long haul’.

NCSC chief executive Lindy Cameron said: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone the payment of ransom demands to criminal organisations.

“Unfortunately, we have seen a recent increase in payments to ransomware criminals and the legal industry has a vital role to play in helping reverse this trend.

“Cybersecurity is a collective effort and we urge the legal industry to work with us as we continue our efforts to fight ransomware and keep the UK safe online. »

Mrs Cameron previously warned that the challenge that ransomware gangs posed to law enforcement was “acute” as “criminals responsible often operate beyond our borders, increasingly successful in their efforts”.

“We expect ransomware to continue to be an attractive avenue for criminals as long as organizations remain vulnerable and continue to pay,” she said at the time.

Although there have been arguments in favor of criminalizing the payment of ransoms, this poses a number of additional risks, such as providing criminals with an additional factor that they could use to extort their victims.

John Edwards, the Information Commissioner, added: “Engaging with cybercriminals and paying ransoms only incentivizes other criminals and will not guarantee that compromised files will be disclosed.

“It certainly does not reduce the scale or type of ICO enforcement action or the risk to those affected by an attack,” he added, responding to suggestions that some lawyers have told their customers that paying the criminals would be considered a gesture. to protect user data.

“We have seen cybercrime cost UK businesses billions over the last five years,” the commissioner said.

“The answer to this must be vigilance, good cyber hygiene, including keeping proper backup files, and proper staff training to identify and stop attacks.

“The organizations will get more credit from these arrangements than by paying the criminals.

“I want to work with the legal profession and the NCSC to ensure companies understand how we will review cases and how they can take practical steps to protect themselves in a way that we will recognize in our response should the worst happen. . »

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

WHAT IS RANSOMWARE?

Share this:

Leave a Comment Cancel reply