Paying a ransom does not guarantee a successful outcome and will not protect networks from future attacks, says home secretary

Speaking at the National Cyber Security Centre virtual conference in May, UK home secretary Priti Patel said the government does not support victims of ransomware paying the ransom.

“Government has a strong position against paying ransoms to criminals, including when targeted by ransomware,”she said.

“Paying a ransom in response to ransomware does not guarantee a successful outcome, will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminality to continue to use this approach.”

She advised organisations to be proactive following an attack. “Be as prepared and engage with the NCSC and law enforcement as soon as you can, so they can assist with understanding and mitigating the incident.

“Understand the consequences of an incident and how it will affect your organisation in the future. This is not just about loss of data; there can be real disruption and significant impacts.

“Learn from incidents - prepare and exercise your response.

“Ransomware, like other cybercrime types, has no boundaries. The challenge of investigating and identifying those responsible is one we share with our international partners.”

According to former NCSC chief Ciaran Martin organisations and their insurers have been complicit in the rise of ransomware. Speaking to the Guardian newspaper in January, he said he feared that ransomware was “close to getting out of control”.

Steve Arlin, VP sales, UK, Americas & APAC at ProLion advises organisations to adopt a ‘defence-in-depth’ approach. “This means using layers of defence with several mitigations at each layer. You’ll have more opportunities to detect [ransomware], and then stop it before it causes real harm.”

“Given the Home Secretary is now calling on organisations to take this threat seriously businesses must now start thinking that a ransomware attack is not just about the loss of data, it can put supply chains at risk, and lives on the line.

Risk to critical infrastructure

The sophisticated attack on the Colonial Pipeline in the US, which forced one of the nation’s biggest gasoline pipelines to shut down, is a timely reminder of the vulnerability of energy infrastructure to ransomware attacks.

“The Colonial Pipeline attack isn’t the first on a US energy facility. Aging US energy and power infrastructure makes it particularly vulnerable to cyberattack threats in our view,” according to Bloomberg Intelligence senior industry analyst Charles Graham.

Industries at particular risk include manufacturing, shipping, energy, and transportation as all rely on industrial control systems which when breached can lead to major insured losses from explosions and safety system failures.