UK, US, Australia issue joint advisory: Ransomware on the loose, critical national infrastructure affected
Don't pay extortionists? Firms shelled out $5bn in Bitcoin in 6 months
Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre (NCSC) has warned.
In a joint UK-US-Australia advisory issued this afternoon, the three countries said they had "observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally."
The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West – though today's note insists there was a move by criminals away from "big game hunting" against US targets.
Among the main threats facing Western organisations was the use of "cybercriminal services-for-hire". These, as detailed in the advisory, include "independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals."
Payment is what it's all about and the advisory condemned the paying of ransoms, saying: "Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model."
The NCSC told The Register today's warning was not linked to a potential Russian invasion of Ukraine, with the advisory adding that the shift away from the US by criminals hasn't really affected Britain: organisations of all sizes are still in the firing line – even those making the nation's favourite snacks.
Common routes into an organisation's IT infrastructure for a ransomware attack range from compromise of cloud applications and storage (including attacks leveraging improperly secured APIs), to supply chain attacks such as those directed against upstream MSPs, and the age-old tactic of attacking on a weekend or holiday.
The full note is on the NCSC website.
Many ransomware gangs are believed to be based in Russia and the country has a storied history of state-directed cyber attacks against the West.
According to ESET's latest Threat Report, out today, ransomware attacks "surpassed the worst expectations of 2021" and in the first half of the year alone companies across the globe collectively paid out some $5bn in bitcoin to make the bad things stop. ®