Businesses Urged Not to Give in to Ransomware Cybercriminals as Authorities See Rise in Payouts

Businesses are urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.

In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office warn lawyers that they may have been advising their clients to pay up.

It follows a warning earlier this year from cyber security experts in the UK, US and Australia of a “rising wave of increasingly sophisticated ransomware attacks” that could have “devastating consequences”.

The joint letter states that while ransomware payments are “not usually illegal,” payers “must take into account the relevance of sanctions regimes (particularly those related to Russia)” when considering making the payment.

In December 2019 the United States sanctioned any financial dealings with a Russian cybercrime group accused of working with Russian intelligence to steal classified government documents.

WHAT IS RANSOMWARE?

Ransomware is a type of malware (malicious software) that attackers can deploy on a victim’s computer network to encrypt their files and render their devices useless.

With modern ransomware attacks, criminals then extort the victim into paying large sums of money, often in Bitcoin and sometimes worth millions of pounds, to decrypt their files and make them accessible again.

But the criminal establishment involved, which has skilled networks of people specialized in their particular roles, has developed a multifaceted extortion model that involves stealing sensitive files and threatening to post them online if victims are able to recover their files from unencrypted backups, or simply refuse to pay.

If released, these files, which may be related to confidential business deals or may include customer information, could damage the victim company’s reputation, affect its stock price, or even lead to a class action lawsuit, all potential impacts emphasized by criminals as part of their extortion scheme.

But as the UK’s National Cyber Security Centre warns: “Even if you pay the ransom, there’s no guarantee you’ll gain access to your computer or your files.”

Despite the side effects of the Russian war in Ukraine – in one case taking 5,800 wind turbines in Germany offline – the NCSC says it has not detected any increase in hostile activity against Britain during the conflict.

However, businesses have been warned that there is a higher threat level when it comes to cyberattacks due to the conflict that is likely to be here “for the long haul.”

Image: Lindy Cameron is the head of the UK’s National Cyber Security Centre. Photo: NCSC

NCSC Chief Executive Lindy Cameron said: “Ransomware remains the biggest online threat to the UK and we do not encourage or condone paying ransom demands to criminal organisations.

“Unfortunately, we have seen a recent increase in payments to ransomware criminals and the legal sector has a vital role to play in helping reverse that trend.

“Cyber security is a collective effort and we urge the legal community to work with us as we continue our efforts to combat ransomware and keep the UK safe online.”

Mrs Cameron previously warned that the challenge that ransomware gangs posed to law enforcement was “acute,” as “the criminals responsible often operate beyond our borders and are increasingly successful in their efforts.”

“We expect ransomware to remain an attractive route for criminals as long as organizations remain vulnerable and continue to pay,” she said at the time.

While arguments have been made to criminalize paying ransoms, doing so poses a number of additional risks, such as providing criminals with an additional factor that they could use to extort money from their victims.

Image: John Edwards is the UK Information Commissioner

Information Commissioner John Edwards added: “Engaging with cybercriminals and paying ransoms only incentivizes other criminals and does not guarantee that compromised files will be released.

“It certainly doesn’t reduce the scale or type of ICO enforcement action or the risk to people affected by an attack,” he added, responding to suggestions that some lawyers have told clients that paying criminals would be seen as a move to protect user data.

“We have seen that cybercrime has cost UK businesses billions over the last five years,” the commissioner said.

“The answer to that needs to be vigilance, good cyber hygiene, including maintaining proper backup files, and proper staff training to identify and stop attacks.”

“The organizations will get more credit from those arrangements than paying the criminals.

“I want to work with the legal profession and the NCSC to ensure that businesses understand how we will look at cases and how they can take practical steps to protect themselves in a way that we will recognize in our response should the worst happen.”
