Ransomware and the cyber crime ecosystem
Ransomware has been the biggest development in cyber crime since we published the NCSC’s 2017 report on online criminal activity.
Ransomware’s defining feature is that it encrypts data on victims’ systems until a payment is made. Since IT systems are now ubiquitous, ransomware attacks can be truly devastating for victims and their customers, which is why it remains the most acute cyber threat for UK businesses and organisations.
https://www.ncsc.gov.uk/whitepaper/ransomware-extortion-and-the-cyber-crime-ecosystem” target=”_self”>A new white paper, published by the NCSC and the National Crime Agency, examines how the tactics of organised criminal groups (OGCs) have evolved as ransomware and extortion attacks have grown in popularity. It’s particularly aimed at security professionals and resilience sector leads who need to be aware of changes in cyber criminal activity to better protect their systems and inform security policy.
Since 2018, businesses have been getting better at preparing for and responding to ransomware attacks. At the same time, OCGs have been adapting their business models to maximise payouts. For example, ransomware victims – in addition to being locked out of their systems – now have the additional worry of their sensitive data being leaked online, and with it face the risks of reputational damage. They could also face large fines under laws such as UK GDPR and the Data Protection Act 2018.
As well as the actual ransomware malware (such as Lockbit or ALPHV), there are a number of enabling services, platforms, distributors and affiliates that are key to conducting a ransomware attack. It’s this wider criminal ecosystem that is the main focus of the paper.
The white paper is the latest addition to a series of NCSC publications that address the continued threat from ransomware. Crucially, implementing NCSC guidance will interrupt the majority of attacks, which is why we encourage system owners and technical staff to visit the https://www.ncsc.gov.uk/ransomware/home” target=”_self”>NCSC’s pages on ransomware, which includes guidance on how organisations can defend themselves from ransomware attacks.
The deployment of ransomware relies on a complex supply chain, so focussing on specific ransomware strains can be confusing at best, and unhelpful at worst. We hope that the publication of this white paper shines a light on the motivations of the threat actors further upstream, who are ultimately driving the monetisation of ‘ransomware as a service’, and other extortion attacks.
We’d like to thank our industry partners that contributed to the paper, specifically Mandiant, SecureWorks, ShadowServer and PWC. As with all NCSC reports, we welcome your feedback. So if you’d like to get in touch, you can do so using our https://www.ncsc.gov.uk/section/about-this-website/general-enquiries” target=”_self”>Contact Us page.
Martin P, NCSC Cybercrime Operations Lead
Sarah F, Cybercrime Impact & Insight Lead
Original Source: ncsc[.]gov[.]uk
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.