Organisations in the UK have been provided with new guidance to handle ransomware incidents, a significant threat in the current cybersecurity landscape.
The guidance, developed jointly by the National Cyber Security Centre (NCSC) and insurance industry bodies ABI, BIBA, and IUA, aims to assist organisations and their partners in responding effectively to ransomware attacks.
Understanding ransomware threats
Ransomware attacks involve cybercriminals gaining unauthorised access to a network, encrypting data, and demanding a ransom, often in cryptocurrency, for a decryption key.
These attacks pose a serious threat to organisations, often resulting in significant disruption and potential data breaches. Increasingly, attackers threaten to release or sell stolen data unless their demands are met.
However, even after paying a ransom, there is no guarantee that the criminals will delete or not sell the data later.
The new guidance emphasises the importance of careful decision-making and planning. It suggests that organisations thoroughly assess their options before deciding to pay any ransom, which may not guarantee recovery of access or data.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataVictims are encouraged to explore alternative methods of recovery, such as using backups or obtaining decryption keys from third-party sources like law enforcement.
Steps for organisations during an attack
Don’t panic and assess options
The guidance advises organisations not to rush decisions during an attack. Ransomware attackers often apply pressure to force quick payments.
It is crucial to evaluate all possible recovery options, including not paying the ransom, to make informed decisions. Alternatives such as viable backups or assistance from law enforcement could be explored.
The guidance also highlights the importance of consulting external experts, including insurers and cyber incident response (CIR) companies, to improve decision-making.
Documenting and involving key personnel
Recording every step of the incident response, including decisions made and actions taken, is essential. These records can be vital for post-incident reviews and compliance requirements.
Organisations should involve relevant personnel from various departments in the decision-making process, ensuring that the strongest possible evidence supports all options.
Technical staff and decision-makers should work together to evaluate the incident’s impact on business operations, data security, and finances.
Understanding legal and regulatory implications
Legal and regulatory considerations are crucial when dealing with ransomware attacks. Payments may not be lawful, especially if made to sanctioned entities. Organisations must consider applicable laws across all jurisdictions where they operate.
The Information Commissioner’s Office (ICO) stresses that paying a ransom does not mitigate risks or reduce potential penalties. It is important for organisations to report incidents to UK authorities.
The NCSC provides support and can help manage communication with the government, potentially leading to more favourable regulatory outcomes.
Importance of preparedness
The guidance underscores the need for organisations to prepare for potential incidents. The NCSC offers comprehensive advice on developing an incident management capability and preventing ransomware attacks.
By understanding the root causes of incidents and implementing appropriate mitigation measures, organisations can reduce the risk of future attacks.
Ultimately, the decision to pay a ransom lies with the victim organisation, but the guidance encourages a strategic and informed approach to minimise the impact of such attacks.
Organisations are urged to utilise available resources and expertise to navigate these complex situations effectively.