London Defender

The Daily Mirror of the Great Britain

‘Increasingly sophisticated ransomware attacks’ prompt joint alert from UK, US, and Australia

Cyber security experts from the UK, US, and Australia are warning of a “growing wave of increasingly sophisticated ransomware attacks” which could have “devastating consequences”.

Chief executive officers and board members are being strongly encourages to familiarise themselves with the risks and “ensure their IT teams are taking the correct actions to bolster resilience”.

KP Snacks confirmed last week that a ransomware attack was expected to lead to a shortage of several popular crisp and nuts brands on grocery store shelves.

Last year, an attack on a critical oil pipeline in the US threatened transport chaos when petrol stations in America’s eastern states started to run low on supplies.

WHAT IS RANSOMWARE?

Ransomware is type of malware (malicious software) that attackers can deploy on a victim’s computer network to encrypt their files.

With modern ransomware attacks, the criminals then extort the victim to pay huge sums of money, often in Bitcoin and sometimes worth millions of pounds, to decrypt their files and make them accessible again.

But the criminal system involved – featuring skilled networks of individuals specialised in their particular roles – has developed a multi-faceted extortion model which involves stealing sensitive files and threatening to release them online in case victims are able to recover their files from unencrypted backups, or simply refuse to pay.

If published, these files, which can relate to sensitive business deals or may include customer information, could damage the victim company’s reputation, impact their share price, or potentially even lead to a class-action lawsuit, all potential impacts stressed by the criminals as part of their extortion scheme.

But as UK’s National Cyber Security Centre warns: “Even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.”

Increased, globalised threat from ransomware

The joint advisory published by the nations’ cyber security agencies states that the trends show an increased, globalised threat, although no figures were provided to contextualise this increase.

In particular, the advisory warns there is a growing commercial underground for criminals to purchase hacking services, trade stolen data, and extort victims in different ways.

More on Australia

The healthcare and critical infrastructure sectors are among the most risky areas for the authorities due to the immediate impact an attack could have on people’s safety.

Lindy Cameron, the chief executive of the UK National Cyber Security Centre (NCSC), warned that ransomware was “a rising global threat with potentially devastating consequences”.

The cybersecurity director at the US National Security Agency, Rob Joyce, added: “When critical infrastructure is held at risk by foreign hackers operating from a safe haven in an adversary country, that’s a national security problem.”

“The ransomware scourge is a significant focus area for NSA as we generate insights alongside our partners. Network defenders should take action on the mitigations in the advisory,” he went on.

Ms Cameron previously warned that the challenge ransomware gangs posed to law enforcement was “acute” as “the criminals responsible often operate beyond our borders, are increasingly successful in their endeavours”.

“We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay,” she said at the time.

NCSC recently launched a ransomware hub to advise British businesses on how ransomware works, whether they should pay a ransom, and how to prevent a successful attack.