A new framework published by the Ransomware Taskforce (RTF) highlights the power of collaboration to address widespread cyber threats.

As we all know, there are no borders in cyber.

The NCSC’s international partners are crucial to our ability to defend the UK against the proliferation of threats we face. So we were pleased to contribute to the work of the Ransomware Task Force (RTF), a US-led team convened in early 2021 with participants from governments, software firms, cyber security vendors, non-profit and academic institutions from across the world.

The aim of the RTF is to develop a robust plan to tackle the global ransomware threat, through deterring and disrupting the actors while helping ensure organisations are equipped to prepare and respond. This week the team launched its final report, directed primarily at the US government, which includes a framework of actions that together have the potential to reduce the harm from ransomware attacks globally.

Ransomware has become one of the most frequent and disruptive types of incident that the NCSC deal with. In our 2020 Annual Review, we noted that we’d handled more than three times as many incidents than the previous year. Attackers are increasingly raising the stakes by threatening to leak stolen data publicly where victims are reluctant to pay the ransom. We’ve also seen attackers grow more sophisticated, sitting on a network over time and looking round for the most high-value data to encrypt, as well as any online backups to obstruct recovery.

During the COVID-19 pandemic, attackers took advantage of the crisis in their selection of targets, which included hospitals in the US and Europe. Here in the UK we saw a spike in ransomware attacks affecting the education sector at a time when institutions were working hard to manage online learning, admissions and testing procedures. We have strengthened our engagement in these sectors in the last year to boost their defences and threat detection capabilities. This includes the NCSC’s Early Warning service, sharing of malicious indicators and Active Cyber Defence measures.

The disruption it causes means that ransomware is no longer a cyber security issue for organisations; as the Task Force’s report notes, it has become a national security risk that has the potential to impact public safety, particularly when hospitals and other critical national infrastructure are targeted. And since there is little an organisation can do once the ransomware hits, preparation is essential. Fortunately, the NCSC’s Mitigating Malware and Ransomware guidance has full details of how you can secure your network against an attack. We also strongly recommend that you test out a response plan using our Cyber Exercise Creation guidance, so you’re ready should the worst occur.

The RTF is a great example of the power of collaboration in addressing these widespread cyber threats. It is an approach that NCSC has embraced since its creation. Our established close partnerships with industry (including via the Industry 100 scheme) enable us to pool expertise, share capability and develop joint strategies for mitigation. We also work closely with law enforcement partners, (with whom we have developed a single matrix for classifying incidents and deliver effective joint responses to significant incidents) and policy departments, who are already actively considering many of the points covered in the Task Force’s report.

From:  NCSC