Ransomware continues to present serious challenges for businesses and organizations across the globe, and with attacks are on the rise, the UK and 38 countries have come together alongside international cyber insurance bodies to develop new guidance to support victims and boost resilience.
The new guidance will advise ransomware victims to carefully consider all options rather than rush to make payments, as data retrieval and malware removal are not guaranteed even if the ransom is paid, and cyber criminals are only emboldened to continue.
Instead, companies are encouraged to develop a comprehensive response framework in case of an attack, with policies and contingency plans in place. If an organization is targeted, the policy recommends reporting attacks to law enforcement, and seeking advice from security experts.
Global crackdown
Ransomware is a profitable business for criminals, with an estimated $1 billion lost to attacks in 2023. However, by taking away the incentive for cyber criminals, the new policies look to undermine the ransomware playbook and prevent future attacks where possible.
“Cyber criminality does not recognize borders. That is why international co-operation is vital to tackle the shared threat of ransomware attacks. This guidance will hit the wallets of cyber criminals, and ultimately help to protect businesses in the UK and around the world”, said Security Minister Dan Jarvis.
The UK is keen to be at the front of the fight against cybercrime and to lead the collaborative approach – bringing in three major UK insurance bodies (the Association of British Insurers, the British Insurance Brokers’ Association and the International Underwriting Association) to launch co-sponsored guidance for businesses.
The UK National Crime Agency recently announced it sanctioned 16 individuals from the ‘Evil Corp’ cyber criminal organization, an organization responsible for stealing over $300 million from critical infrastructure, healthcare, and government organizations around the world.
“Ransomware remains an urgent threat and organisations should act now to boost resilience,” noted Jonathon Ellison, NCSC Director for National Resilience.
“The endorsement of this best practice guidance by both nations and international cyber insurance bodies represents a powerful push for organisations to upgrade their defences and enhance their cyber readiness. This collective approach, guided by last year’s CRI statement denouncing ransomware and built on guidelines from the NCSC and UK insurance associations earlier this year, reflects a growing global commitment to tackling the ransomware threat.”
