What you need to know about the new NCSC ransomware guidance
The new ransomware guidance from the NCSC has been developed in collaboration with major insurance bodies, and warns against paying up in the event of an attack


The National Cyber Security Centre (NCSC) has teamed up with insurance bodies to try to reduce the amount being paid by ransomware victims.
Concerned that too many organizations are paying ransoms, the NCSC, along with GCHQ and the Association of British Insurers (ABI), British Insurance Brokers’ Association (BIBA) and International Underwriting Association (IUA), said they want their guidance to help victims make informed decisions.
Considerations include the thorough assessment of business impact, reporting protocols, and where to access sources of support.
"The NCSC does not encourage, endorse or condone paying ransoms, and it’s a dangerous misconception that doing so will make an incident go away or free victims of any future headaches. In fact, every ransom that is paid signals to criminals that these attacks bear fruit and are worth doing," said NCSC CEO Felicity Oswald.
"This cross-sector initiative is an excellent next step in foiling the ransom business model: we’re proud to support work that will see cyber criminals’ wallets emptier and UK organizations more resilient."
Ransomware remains the biggest day-to-day cyber security threat to UK organizations, and the number of attacks is rising, the agency warned. Paying a ransom doesn't guarantee the end of an incident nor the removal of malicious software from victims’ systems.
However, it does provide incentives for criminals to continue and expand their activities. Even following payments, cyber criminal groups will lie about having deleted the data, the guidance points out.
The NCSC advises reviewing all the options - including not paying, keeping careful records of decision-making, and where possible consulting experts as well as staff.
Victims should assess the impact on business operations and data, as well as the financial implications, and should investigate the root cause of the incident to avoid a repeat attack.
If organizations do pay up, they should make sure it's legal to do so, and should be aware that paying a ransom does not fulfill their regulatory obligations. Similarly, they must make sure they report the incident to the authorities.
NCSC guidance welcomed by industry
Helen Dalziel, IUA director of public policy, said that the payment of ransoms in response to cyber attacks is on a downward trend globally.
"Businesses are realizing that there are alternative options and this guidance further illustrates how firms can improve their operational resilience to resist criminal demands," she commented.
Raghu Nandakumara, head of industry solutions at security firm Illumio, said he welcomes the advice, adding he'd like to see more guidance to help businesses build resilience and contain attacks.
"More often than not, recovery plans are inadequate or have not been properly tested, which makes them unviable when a real incident does occur. As a result, organizations are left with no choice but to pay the ransom to restore operations and productivity levels as quickly as possible," he said.
"The NCSC should encourage businesses to adopt an ‘assume attack’ mindset. This is not admitting defeat - instead it focuses on preparing to respond effectively to a cyber incident and building resilience."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.