National cyber agencies of the US, UK and Australia have urged businesses to take ‘protective action’ against an increase in ‘sophisticated, high-impact’ ransomware attacks.
In a joint advisory the three agencies, the UK’s National Cyber Security Centre (NCSC), the Australian Cyber Security Centre (ACSC), and the US’s FBI and Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have urged companies not to pay ransoms to cyber criminals because it simply reinforces their business model and encourages more attacks. Businesses are also encouraged to report incidents to their national cyber agency.
The bodies joined forces for the first time to warn of more technologically sophisticated attacks from increasingly professional criminal groups, which in some cases recruit negotiators to secure a ransom from businesses and set up 24/7 help centres to expedite ransom payments and restore systems in return.
NCSC, ACSC, FBI, CISA and NSA said 2021 saw cyber attackers increase their impact by targeting cloud services, industrial operations and the software supply chain.
US agencies said 14 out of 16 of the nation’s critical infrastructure sectors were involved in ransomware incidents last year. But the US noted a shift away from attacks on ‘big game’, or high-value and critical businesses, in the second half of 2021, after an increase in FBI scrutiny following the Colonial Pipeline attack. This has shifted criminals’ focus to mid-sized businesses.
In the UK, education was one of the most targeted sectors. There was also rise in ransomware attacks against businesses, charities, the legal profession and public services in the country.
Agencies from all three countries said phishing emails, exploitation of RDP and software vulnerabilities were the top three vectors for ransomware attacks in 2021.
They warned that ransomware incidents will only increase further if ransoms are paid, as it keeps the ransomware model profitable. “Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model,” the advisory note said. M