Ransomware is proliferating, the director of the UK intelligence agency GCHQ has said. We’ve seen twice as many attacks this year as last year in the UK – but the reason it’s proliferating is because it works, said Sir Jeremy Fleming.
He told The Cipher Brief’s fifth Annual Threat Conference, in conversation with Suzanne Kelly: “It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested and as international players here is intelligence organisations and for those who are present here as well from law enforcement organisations, we’ve got to get our head around what this means and we have up until quite recently left a lot of this playing space to those criminal actors in effect to proliferate and to make a lot of money.
“But the second lesson is it’s not rocket science to defend against this sort of stuff we know that if you do fairly basic cyber security, if you are really clear at an organisational level about things that you need to protect and if you are very diligent in implementing the guidance of your cyber security professionals and your technology partners then you’re going to protect yourselves or at least make you harder than competitors and therefore you won’t be as much of a target so you know there’s a sort of a general lesson it’s a really boring lesson we hack on about it a lot in the UK. Back up your data, make sure you’ve got your admin right, sorted out, make sure your passwords are properly protected exercised all of this, work out where your thresholds are have thought in advance how you would respond if you were approached for ransom, all those sorts of things, it’s just basic stuff.”
For the full interview visit the GCHQ website.
Comments
Raj Samani, Chief Scientist and McAfee Enterprise fellow, said: “Our recent research revealed a surge in ransomware threats related to the REvil/Sodinokibi family in Q2 2021, with these types of attacks accounting for 73 per cent of detections. The research also revealed that the most targeted sector by ransomware was Government, followed by Telecom, Energy, and Media and Communications.
“To get ahead of adversaries, organisations should use threat intelligence to predict and prioritise potential threats before pre-emptively adapting their defensive countermeasures, ensuring optimised security and future business resilience. By deploying a strategy that blends both Zero Trust and SASE approaches, enterprises can also be more confident knowing that they have the necessary barriers in place to protect against sophisticated ransomware attacks.
“Ultimately, as cybercriminals adapt their methods to target the most sensitive data and services, organisations must shore up their defences to mitigate further threats. By improving their cybersecurity measures, organisations can rest easy knowing they have taken the correct steps to protect themselves and their workforce from ransomware attacks.”
No one is immune, said Dan Middleton, Vice President UK & Ireland at Veeam. “If businesses don’t take action and help create a culture of deterrence, it’ll soon get out of control. The key is in employing effective data management strategies, starting with what we call the 3-2-1-1-0 rule to ensure recoverability from cyberthreats. This concept calls for 3 or more copies of data on 2 or more different types of media, 1 of which is offsite, 1 copy of which is offline, air-gapped or immutable (to ensure backup data is free from infection), and the 0 is to ensure that your backups are valid so that when you go to restore data that your recovery will be successful.
“Ransomware threats are serious and can severely impact customer trust and satisfaction, which in turn has financial consequences. Right now, ransomware is effectively a victimless and unpunishable. It is victimless in the sense that the majority of businesses are insured against their losses and unpunishable due to the fact there is no agreed global legal framework. Cybercrime knows no borders. It may seem an obvious thing to say but in terms of law and order it’s a huge challenge. If a criminal from another country comes to the USA and commits a crime against a business of American soil, there is an entire diplomatic process to ensure this person is brought to justice and the victim is compensated. This simply isn’t the case when it comes to ransomware.
“To avoid this, and help businesses get their services back up and running quickly, leaders need to focus on the fundamentals. Every business needs a CISO in place with access and authority. Governments must come down harder on businesses who pay ransoms. The minute businesses stop paying ransoms, we’ll see a huge reduction in the popularity of ransomware as an extortion technique.”
