NCSC asks businesses to prepare against destructive ransomware attacks
23 November 2018
In a recent advisory, the UK’s National Cyber Security Centre (NCSC) has warned about the growing cyber threat posed by new ransomware variants and has asked organisations to stay prepared for future attacks, which are capable of inflicting wide-scale disruption.
In August this year, security firm Proofpoint revealed in its Q2 2018 Threat Report that, after a brief lull during the first quarter, ransomware attacks returned with a vengeance, and the share of ransomware as a proportion of malicious campaigns jumped from 1% in the first quarter to 11% between April and June.
The firm observed that new ransomware families such as Sigma, GlobeImposter, and Gandcrab pushed up overall ransomware volumes in the second quarter, with Gandcrab accounting for a majority of ransomware attacks in the period, even though the gross count of ransomware attacks was nowhere close to 2016 and 2017 levels.
Ransomware may cause wide-scale disruption
In a recently published advisory that confirmed Proofpoint’s assessment of ransomware attacks, the National Cyber Security Centre warned businesses that ransomware attacks still pose a major cyber threat and are capable of inflicting wide-scale disruption.
“Throughout 2018, the NCSC has seen a trend in more targeted ransomware attacks. Criminal actors analyse victim networks to understand their ‘value’ and set a ransom demand based on that perceived value.
“Through analysis of the victim network and lateral movement, actors also seek to ensure that their malicious activity has the maximum impact on the victim organisation – potentially denying the victim access to business-critical files and systems and disrupting the operations of the victim organisation,” it said.
The cyber security watchdog added that even though it is well known that Windows operating systems are vulnerable to ransomware attacks, similar attacks have recently been launched by cyber criminals against Mac and Linux systems as well.
“The methods for infecting systems with ransomware are similar to those used with other types of malicious software, as are the steps organisations can take to protect themselves. Depending on an organisation’s level of preparation, ransomware infection can cause minor irritation or wide-scale disruption,” it said.
Defending against ransomware attacks
The NCSC added that if businesses are serious about warding off future ransomware attacks and protecting their systems and data from compromise, they must regularly patch their devices with the latest software updates, prevent and detect lateral movement in their enterprise networks, and implement architectural controls for network segregation.
At the same time, businesses have also been advised to implement new policies to whitelist applications, set up a security monitoring capability to collect the data that will be needed to analyse network intrusions, adhere to the cloud provider’s best practices for remote access, and use antivirus solutions and keep them up to date at all times.