NCSC report confirms ransomware industry is now thriving: Vercara comments
September 2023 by Vercara
This week, the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) published a joint whitepaper examining the ongoing evolution of the business models and underpinnings of the cybercriminal ransomware ecosystem. It examines how the tactics of organised criminal groups have evolved as extortion attacks have grown in popularity, with the ransomware industry evolving into a sophisticated supply chain that defies western governments and leaves exposed businesses on the back foot.
Michael Smith, field CTO at Vercara, offers the following statement:
“Ransomware continues to be the most dominant threat to UK organisations and is having catastrophic consequences on critical national infrastructure (CNI) and other vital services. While many cyberattacks leave businesses unscathed, 18 ransomware incidents elicited a national level response or government intervention. Given increased geopolitical tensions and a rise in cyberwarfare, international leaders and governments have acknowledged this threat at a global scale and the risk it poses to crucial services. Just last year, the European Commission proposed new rules to ensure greater consistency and efficiency in cyber and information security measures across EU institutions, bodies, offices and agencies.
“All this data highlights the scale of the challenge ahead for the cybersecurity sector. Cybercriminals attack everybody; it’s their means of revenue. All business leaders must assume that at some point they will be one of their targets. The criminals running these campaigns are looking to cause as much disruption as possible with maximum impact and even bigger reward. Earlier forms of ransomware typically resulted in downtime or unavailable data, but newer strains are emerging, and threat actors are constantly changing their tactics, with some threatening a Distributed Denial of Service (DDoS)-style attack.
“Attackers often adopt a triple extortion method or contact the organisation’s customers as a quadruple extortion by using the same malware and various paths to monetisation. Double, triple and even quadruple-extortion pulls organisations from corrective controls focused on asset and data availability, such as backup and recovery, to detective and preventative controls focused on integrity and confidentiality. Whereas double-extortion ransomware involves multiple host or network events that can be detected and traced. Typically, this process includes infection through phishing or a drive-by web browser download, then malware command and control, data discovery across the network and, finally, there is exfiltration of the data.”