The National Cyber Security Centre (NCSC) and Information Commissioner's Office (ICO) are warning businesses to stop rewarding criminal gangs of cyber hackers by paying ransoms and are asking law firms for their help to prevent organisations paying out ransomware criminals.
There is a mistaken belief by companies' legal advisors that paying a ransom could protect the stolen data. There has been a sharp rise in ransomware attacks recently in which gangs embed malware in a firm's IT system encrypting their data. They then demand a ransom for the decryption key or return of the information if they have extracted and stolen it.
The CEO of the NCSC, Lindy Cameron, and the Information Commissioner heading up the ICO, John Edwards, have confirmed that ransomware attacks remain the biggest online threat to the UK and account for around 1 in 10 of all data breaches worldwide. Both have emphasised the alarming increase in recent months of such attacks, with significant sums of ransom money being paid by firms. However, engaging with cyber criminals and paying ransoms only incentivises other criminals and will not guarantee that compromised files are released. Mr Edwards has warned that the ICO will not consider ransom payments to criminals as "mitigating the risk of the individuals". In addition to this, it will not reduce the penalties companies face if they were responsible for the attack.
Prevention
The NCSC and ICO's publication serves as an important reminder for companies to review and strengthen their ransomware practices. As such, we have set out below, low-cost guidance on mitigating the ransomware threat, within your business:
- Back up regularly: up-to-date backups are the most effective way of recovering from a ransomware attack. For instance, make regular backups of your most important files and ensure you create offline backups that are kept separate as well as in a different location (ideally offsite) from your network and systems.
- Prevent malware from being delivered and spreading to devices: Filter your devices to only allow file types you would expect to receive, block websites that are known to be malicious and use signatures to block known malicious codes.
- Prevent malware from running on devices: Your organisation should use centrally manage devices to only permit applications trusted by the enterprise to run on your devices i.e use technologies such as AppLocker or trusted app stores. Organisations should also consider whether enterprise antivirus or anti-malware products are necessary and keep the software up to date as well as provide security education and awareness training to staff.
- Prepare for an incident: Organisations should identify their critical assets and determine the impact of these if they were affected by a malware attack. NCSC encourages organisations to develop an internal and external communication strategy as well as a detailed plan for how your organisation should respond to an attack.
Summary
We would encourage you to read the NCSC's guidance in full, please see link below to see further practical advice for dealing with a ransomware attack. Mitigating malware and ransomware attacks - NCSC.GOV.UK
Alternatively our cyber and data protection experts would be happy to speak with you about preparing for and responding to these types of attacks. We appreciate that the true cost of a data breach is more than just a number. Penalties from regulators and damage to reputation can lead to business disruption, lost trade and management time and the costs of internal investigations and disciplinary procedures.
