The UK’s National Crime Agency has published its annual National Strategic Assessment (NSA) of Serious and Organised Crime and it details how the overall threat from cybercrime has increased over the last year, with more severe and high profile attacks against victims.
The report notes that ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent they rank alongside other major crimes “causing harm to our citizens and communities on a significant scale”.
In response to the report, please see below comments from security experts.
<p>Ransomware has evolved beyond the commodity. Widespread attacks are intended to infect a single endpoint, and include more advanced techniques, such as file-less malware and data exfiltration. One of the biggest drivers of ransomware success is the adoption of the Ransomware as a Service (RaaS) distribution model. These new strains of ransomware make prevention and planning more critical than ever to prevent attacks. Concurrently, ransomware authors are increasingly selling access to (RaaS) offerings that increase the number of attackers and malware variants. 2020 was the year of ransomware, with the wide availability of (RaaS) and the shift to double extortion tactics from attackers.</p> <p> </p> <p>With the traditional threat of ransomware still front and center and the added threat of data for sale on underground marketplaces, security leaders must plan for resiliency. Ransomware is not only cheap to purchase and download; it is also easy to spread with every business being a target, considering the current digital lifestyle. The rise of the RaaS distribution model is allowing budding criminals a straightforward way to start a cyber-extortion business with typically no technical expertise required, flooding the market with new ransomware strains. In fact, the growth in RaaS platforms is likely one of the primary reasons behind the massive spike in ransomware attacks.</p> <p> </p> <p>Organizations rely on their IT systems to sustain operations daily. Losing access to a server or database can bring everything to a standstill and hurt customers that rely on services. In the event of a ransomware attack, while organizations may want to resolve the issue quickly, authorities don’t recommend paying the ransom. How can you guarantee that the hackers have exited from your network entirely? There\’s a good chance they will simply wait a few hours or days and then execute another attack to extort your organization for more money. Remember, they are criminals. It\’s what they do.</p> <p> </p> <p>Plus, there is no way to be sure that a ransom payment will resolve the situation. The hackers may have other motives and might take the money without decrypting the files. Trying to negotiate with cybercriminals is not a good tactic, as they will interpret it as desperation and use it against you.</p>
<p>Looking at the long list of ransomware victims we have seen in the last year, it is clear that no company is immune to the threat. It doesn’t matter what security tools you have in place, determined hackers will always find a way in.</p> <p> </p> <p>As a result, many enterprises are seeing benefits in getting into a post-breach mindset before an attack actually happens. This allows them to prepare for attacks, understand the scope of damage that will occur when attackers get in, and then take steps to reduce risk.</p> <p> </p> <p>Defenders must remain vigilant at all times, even with their partners and colleagues and within the industry that they trust and work. Whether the attackers are using a shotgun approach and hacking into the easiest targets they can find, or they’re more laser-focused and targeting specific industries, sectors, or organizations….defenders should be preparing for a breach. All of the industry research leads to one conclusion….the threats are increasing, and defenders need more. More resources, more people, more budget, more tools, and more time.”</p>