Businesses grappling with ransomware attacks are finding alternative strategies, as the tide turns against payments to cybercriminals.
In a significant move to combat digital extortionists worldwide, an international agreement has been reached to address ransomware attacks. The UK government, in particular, has imposed sanctions on members of the Ryuk and Conti ransomware groups.
This agreement, focusing on government organisations and agencies, aims to increase collaboration between the public and private sectors. The UK government, for instance, has mandated that private companies must notify them before making any ransom payments, enabling authorities to advise on legal risks and potential sanctions against threat actors.
To avoid paying ransoms amid this global crackdown, private firms should focus on preventive cybersecurity practices. Here are some key rules and best practices:
- Mandatory Notification of Ransom Payment Intentions: While public sector and Critical National Infrastructure (CNI) organisations are banned from paying ransoms, private companies are still allowed to do so but must notify the government beforehand.
- Improving Cyber Resilience: Private firms are urged to strengthen cybersecurity defenses to reduce the likelihood and impact of attacks. This includes maintaining offline backups regularly, conducting incident response drills, employing robust network security, access controls, and threat detection.
- Avoiding Unauthorized or Covert Payments: Paying ransoms covertly can lead to serious legal, reputational, and operational consequences. Organizations should seek government guidance to ensure compliance with national regulations.
- Mandatory Incident Reporting: The UK government plans mandatory ransomware incident reporting, supporting law enforcement response and national cyber resilience.
- Legal Compliance and Guidance Seeking: Before making any ransom payment, organisations should seek government guidance to ensure compliance with national regulations, including sanctions law.
In addition, investing in better backup capabilities, data management, and security measures is advised to prevent ransomware attacks. Small business ransomware attacks are on the rise, as attackers exploit lower security budgets and outdated software of smaller businesses.
It's also crucial to identify critical data, ensure backups are complete and offline, and employ multi-factor authentication to mitigate ransomware risks. Organisations may need to negotiate with attackers over ransomware payments, and consulting with a legal team and using a third-party ransomware negotiation service is recommended during these negotiations.
The initiative aims to make things difficult for ransomware-as-a-service operators and their business model. Collaboration between companies and the public sector is key in this global ransomware crackdown. The no ransom pledge intends to leverage artificial intelligence (AI) and enhance information-sharing capabilities among nations.
Recent developments such as the information sharing agreement between the European Union Agency for Cybersecurity (ENISA) and US Cybersecurity and Infrastructure Security Agency (CISA) may complement this. A coalition of forty nations has signed an agreement as part of the International Counter Ransomware Initiative.
However, paying ransoms to attackers is not illegal unless the payment is made to a sanctioned entity. There are risks associated with paying ransoms, such as the possibility of repeat victimization by different groups of cyber-criminals. The money paid to cyber-criminals could potentially fund organised crime, human trafficking, terrorism, or other illegal activities.
Placing additional cyber security measures around sensitive data is vital to prevent its misuse in secondary crimes and fraud. As the global fight against ransomware continues, private firms must stay vigilant and follow these rules and best practices to protect their businesses.
[1] UK National Cyber Security Centre - Ransomware Action Plan [2] National Cyber Security Centre - Protecting Your Business from Ransomware [3] National Cyber Security Centre - Ransomware Notification Scheme [4] National Cyber Security Centre - Mandatory Ransomware Incident Reporting Consultation
- To bolster the collective cybersecurity defenses against ransomware attacks, private firms are encouraged to work closely with governments and participate in the no ransom pledge initiative, which aims to utilize artificial intelligence and improve information-sharing capabilities among nations.
- As a strategic step towards self-development and education in the realm of cybersecurity, organizations should adhere to best practices such as maintaining regular offline backups, conducting incident response drills, and implementing strong network security, access controls, and threat detection, with the goal of reducing the occurrence and impact of ransomware attacks.
