
Introduction

In a significant move to combat the growing threat of ransomware, the United Kingdom, Singapore, and 38 other nations, including the United States, Australia, and Japan, have joined forces to support new international guidelines aimed at helping ransomware victims. This collective effort, formalised at the Counter Ransomware Initiative (CRI) on 1 October 2024, signals a global push to boost cyber resilience and curtail the profitability of ransomware attacks.

 

A Global Response to a Borderless Threat

Ransomware attacks have rapidly become the most pressing cyber threat for businesses and organisations worldwide, and the need for an international, coordinated response has never been more urgent. As cybercriminals operate without respect for borders, international cooperation is essential in tackling this shared threat. Through collaboration with cyber insurance bodies and law enforcement, the new guidance offers a robust framework to support organisations experiencing ransomware attacks.

The CRI, a unique multilateral forum, provides a platform for nations and cybersecurity stakeholders to develop strategies and policies to undermine the business model of ransomware criminals. The involvement of cyber insurance companies, such as the Association of British Insurers and the British Insurance Brokers’ Association, underlines the critical role insurance plays in both preparedness and response to these incidents.

 

Key Principles of the New Guidance

The newly agreed-upon guidance encourages organisations to resist the urge to immediately pay ransoms. Paying ransoms not only emboldens cybercriminals to continue their operations but also does not guarantee data recovery or an end to the attack. Furthermore, evidence has shown that even when ransoms are paid, criminals often retain stolen data, increasing the risks of future breaches.

Instead, businesses are advised to:

  • Report the attack: Law enforcement authorities can provide crucial support and intelligence, helping to mitigate the impact of the breach.
  • Check for data backups: Having robust data backup strategies in place ensures that data can be restored without rewarding criminal activity.
  • Seek expert advice: Cybersecurity professionals can provide immediate guidance on mitigating damage, containing the attack, and initiating recovery.
  • Implement proactive measures: Organisations should establish clear cybersecurity frameworks, policies, and contingency plans ahead of potential attacks to reduce risks.

This approach is designed to cut the lifeline that enables ransomware groups to thrive: the financial incentives from victim organisations paying ransoms. By removing these incentives, the guidance aims to reduce the frequency of attacks and help foster long-term cyber resilience.

 

Economic and Social Impact of Ransomware

The financial toll of ransomware attacks has been staggering. In 2023 alone, global ransomware victims lost over $1 billion, with cybercriminals constantly evolving their tactics to extract greater profits. The UK and Singapore, leading this initiative, have highlighted that the implications of ransomware extend beyond financial losses. Critical infrastructure, public services, and national security have all been targets, including in attacks linked to notorious groups like Evil Corp and LockBit.

Evil Corp, a long-standing Russian cybercrime syndicate, has been at the forefront of global ransomware activity, particularly in attacks on UK healthcare and public institutions. This group, along with its affiliates, has been targeted by joint sanctions from the UK, US, and Australia. Infiltrations by the UK’s National Crime Agency into these groups have revealed a concerning reality—many cybercriminals continue to exploit stolen data, even after a ransom has been paid, reinforcing the message that payment does not guarantee safety.

 

The Role of Cyber Insurance in Resilience

The UK’s National Cyber Security Centre (NCSC) has worked closely with major insurance bodies to develop co-sponsored guidance aimed at improving organisational preparedness for ransomware. Insurance providers are increasingly recognising their pivotal role in promoting cyber hygiene and resilience. By endorsing best practices, insurers are helping organisations bolster their defences, ensuring that victims of ransomware are equipped to respond effectively.

Jonathon Ellison, the NCSC Director for National Resilience, emphasised the urgency for organisations to act now, warning that ransomware remains a critical threat. The involvement of international insurers amplifies the reach of this guidance, fostering a global commitment to enhancing cybersecurity standards.

 

Building a Future of Cyber Resilience

The CRI’s efforts, including last year’s ground-breaking joint statement denouncing ransomware payments, reflect a growing consensus that paying ransoms is counterproductive. This sentiment, supported by both governments and the private sector, has been key in shaping global policies designed to thwart cybercriminals.

The timing of this guidance, coinciding with Cyber Security Awareness Month 2024, reinforces the message that organisations need to prioritise building their cyber resilience. From implementing robust backup solutions to ensuring they have actionable incident response plans, businesses are urged to take pre-emptive steps to mitigate the risk of falling victim to ransomware attacks.

Conclusion

The UK and Singapore’s leadership in this international effort marks a pivotal moment in the fight against ransomware. By pushing for a coordinated, global response and discouraging ransom payments, this initiative aims to protect organisations worldwide and reduce the profitability of cybercrime. For companies seeking expert support, outsourced services like Formiti’s Data Protection Officer (DPO) service can play a crucial role in strengthening resilience and ensuring compliance with these evolving global standards.