The UK and 38 countries including Australia, Canada, Japan,
the United States and New Zealand have united with international
cyber insurance bodies to back important new guidance supporting
organisations hit by ransomware attacks and boosting global
resilience.
The new guidance - agreed yesterday (1 October 2024) at the
Counter Ransomware Initiative - will encourage organisations to
carefully consider their options instead of rushing to make
payments to cyber criminals in an attempt to stop disruption and
data loss. It makes clear that paying a ransom will often only
embolden these criminals to target other victims, and that there is no
guarantee of data retrieval, malware removal or an end to the
ransomware attack.
Instead, organisations are encouraged to report attacks to law
enforcement authorities, check whether data backups are available and
get advice from recognised experts. They should also take action
ahead of a possible attack by preparing policies, frameworks and
communications plans as part of their contingency planning.
The new guidance will ultimately help undermine the business
model of ransomware criminals and take away the incentive to
target other organisations elsewhere, preventing future attacks
and boosting global resilience.
Security Minister said:
“Cyber criminality does not recognise borders.
“That is why international co-operation is vital to tackle the
shared threat of ransomware attacks.
“This guidance will hit the wallets of cyber criminals, and
ultimately help to protect businesses in the UK and around the
world.”
Ransomware is the biggest cyber threat to most UK businesses and
organisations, as cyber criminals constantly evolve their tactics to
increase efficiency and boost profits. Last year was the
worst year on record for ransomware payments, with more than
$1 billion paid by victims worldwide (according to industry
estimates by Chainalysis).
As part of a crackdown on cyber criminals, this week the UK
sanctioned sixteen individuals linked to the Evil Corp cyber gang
in joint action with the US and Australia.
Evil Corp, the prolific, long-standing Russian cybercrime group,
had previously conducted malware and ransomware attacks on UK
health, government and public sector institutions, as well as
private commercial technology companies.
It was also revealed that Evil Corp actors had links to the ransomware
group LockBit. The National Crime Agency's infiltration of
LockBit earlier this year revealed that cyber criminals often
retained data even after victims paid a ransom on the promise it
would be deleted.
The UK has led the way in this collaborative approach with the
cyber insurance industry, which can play a key role in supporting
organisations before, during and after a ransomware incident.
In May, the National Cyber Security Centre and 3 major UK
insurance bodies (the Association of British Insurers, the
British Insurance Brokers' Association and the International
Underwriting Association) joined forces to launch co-sponsored guidance
for UK organisations.
NCSC Director for National Resilience Jonathon Ellison
said:
“Ransomware remains an urgent threat and organisations should act
now to boost resilience.
“The endorsement of this best practice guidance by both nations
and international cyber insurance bodies represents a powerful
push for organisations to upgrade their defences and enhance
their cyber readiness.
“This collective approach, guided by last year's CRI statement
denouncing ransomware and built on guidelines from the NCSC and
UK insurance associations earlier this year, reflects a growing
global commitment to tackling the ransomware threat.”
The CRI is the only dedicated multilateral forum for UK and
international partners to come together to develop new policies
and processes to combat ransomware.
Last year, the forum agreed a groundbreaking joint
statement, again led by the UK and Singapore, denouncing
ransomware payments and confirming, for the first time, that no
central government funds should be used to pay demands.
The new guidance comes as Cyber Security Awareness Month begins,
which this year focuses on the importance of businesses building
their cyber resilience.
Notes to editors:
- The statement and full list of signatories can be viewed on
GOV.UK: CRI guidance for
organisations during ransomware incidents
- The Counter Ransomware Initiative (CRI) was created in 2021
and is chaired by the United States. Membership is voluntary.
This is the fourth time the body has met.
- The UK and Singapore are the co-leads for policy development
in the CRI.
- Ransomware criminals typically access a computer through a
malicious piece of software and then often encrypt or steal data.
The victim is then told that the offenders will decrypt or return
the data in exchange for a large fee, paid in cryptocurrency.