Ransomware: Dramatic increase in attacks is causing harm on a significant scale

National Crime Agency report warns of the rise in frequency and severity of ransomware attacks as cyber criminals exploit increase in remote working.

Why is ransomware such a big threat and how do you defend your network against it?

A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned.

The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cybercrime has increased during the past year, with more severe and high-profile attacks against victims.

Ransomware attacks in particular have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

One of the things that has made ransomware much more dangerous is the increase in attacks that don't just encrypt networks and demand a ransom paid in Bitcoin or other cryptocurrency in exchange for the decryption, but also see cyber criminals steal sensitive information from the victim organisation that the crooks threaten to publish it if their extortion demands aren't met, potentially putting employees and members of the public at risk of additional fraud.

According to the NCA report, over half of ransomware attacks now deploy this double extortion technique.

In addition to this, ransom demands are rising, often reaching millions of pounds, and the increased severity of attacks is reflected by the impact on businesses and other organisations, which aren't able to provide public services after falling victim to ransomware.

The paper details the ransomware attack against Redcar and Cleveland Borough Council in Februrary 2020 as an example of how cybercrime can have consequences for society. As a result of the ransomware attack, the local authority was briefly unable to deliver frontline services, including functions around vulnerable children and adult care. The attack encrypted data relating to school admissions, delaying the placement process for students.

The NCA worked with the National Cyber Security Centre (NCSC), law enforcement and local authorities in order to help restore services.

Since then, the cyber threat has increased as criminals have exploited the COVID-19 pandemic and the rise of remote working as a means of gaining access to networks, via phishing attacks or breaching cloud services, remote desktop protocol services and VPNs. "The increase in home working has increased risks to individuals and businesses," says the report.

Universities and schools have become regular targets for ransomware attacks, while organisations including the Scottish Environment Protection Agency (SEPA) and UK Research and Innovation (UKRI) have become high-profile victims of ransomware attacks against UK targets this year.

SEE: This company was hit by ransomware. Here's what they did next, and why they didn't pay up

But despite the increasing threat of ransomware and the scale of the damage that can be done, it's possible to take steps to avoid falling victim to it in the first place.

The NCA recommends organisations keep software up to date by applying patches in order to prevent cyber criminals from being able to exploit known vulnerabilities to gain access to the network.

Organisations should also ensure that staff are using strong, unique passwords in order to prevent them being breached in brute-force attacks and that two-factor authentication should be applied where possible to provide an extra barrier to cyber criminals, should they successfully crack an account.

It's also recommended that organisations back up important data to an external hard drive or to cloud-based storage, so if the worst happens and they are hit by a ransomware attack, data can be recovered without paying cyber criminals for the decryption key.

MORE ON CYBERSECURITY