Ransomware is a national security threat, so please tell us about attacks, says government

Victims of ransomware attacks are being urged to come forward and report incidents in order to help prevent other companies being hit with what’s described as the biggest cybersecurity threat around.

Ransomware attacks have long been a significant cybersecurity issue, causing disruption to critical infrastructure, healthcare, businesses and services around the world. And the potential for disruption is so great that a UK government minister has described it as a national security threat. 

“The greatest cyber threat to the UK – one now deemed severe enough to pose a national security threat – is from ransomware attacks,” Steve Barclay, lead minister for cybersecurity told the National Cyber Security Centre’s (NCSC) CyberUK conference in Newport, Wales.

SEE: A winning strategy for cybersecurity (ZDNet special report)

Barclay said the National Crime Agency (NCA) receives, on average, one report about a victim of a Russia-based group responsible for ransomware attacks every week. No details were given about which ransomware gangs attacks have been reported by, but many of the most notorious cyber criminal groups are suspected to operate out of Russia. 

Ransomware attacks remain a cybersecurity problem because they’re effective. That’s because, despite warnings not to, a significant percentage of victims opting to pay a ransom in order to retrieve their encrypted files. 

It’s estimated that in 2020 alone ransomware attacks cost the UK £615 million – and it’s warned that the cost of ransoms has risen significantly since then. Barclay quoted figures suggesting the average ransom demand is $2.2 million.  

But even those eye-watering sums might only be scratching the surface of the true cost of ransomware attacks – because victims aren’t disclosing them, something he said needs to change. 

“The number of incidents – and indeed their economic cost to the UK – is likely to be much higher. Law enforcement teams believe that most attacks go unreported: perhaps through embarrassment or a reluctance to admit that money has indeed changed hands,” said Barclay. 

“So, I would encourage any organisation that suffers an attack to come forward,” he continued, adding: “By doing so, you will help us to strengthen our individual and collective resilience as we learn from each other”. 

SEE: What is ransomware? Everything you need to know about one of the biggest menaces on the web

The idea is that by reporting incidents, cybersecurity agencies can learn more about them, then can use that information to help other organisations from falling victim to attacks, as well as advising businesses on best practices about what to do should they fall victim to an incident. 

Some of the advice from the NCSC on protecting against ransomware attacks and other malicious cyber incidents includes providing users with multi-factor authentication, applying security patches and regularly testing the cybersecurity of the network. Barclay said that the government also follows this advice. 

“The government is stress-testing its own defences, too. The more complete our security picture, the better we would handle any attack,” he said.  

MORE ON CYBERSECURITY

• Want to boost your cybersecurity? Here are 10 steps to improve your defences now
• This company was hit with ransomware, but didn’t have to pay up. Here’s how they did it
• Inside a ransomware incident: How a single mistake left a door open for attackers
• Clueless hackers spent months inside a network and nobody noticed. But then a ransomware gang turned up
• FBI warning: Ransomware gangs are going after this lucrative but unexpected target