Ransomware continues to pose significant issues for businesses and organisations around the world, and with attacks on the rise, the UK and 38 other nations have joined forces with international cyber insurance authorities to create new guidelines aimed at bolstering resilience and providing help to victims.
The new guidance will advise ransomware victims to carefully evaluate all options before making payments, as data restoration and malware eradication are not guaranteed even if the ransom is paid, and paying only encourages hackers to continue.
Instead, firms are advised to create a thorough response architecture for use in the event of an attack, one that includes regulations and contingency plans. If an organisation is targeted, the policy suggests reporting the attack to law enforcement and consulting with security professionals.
Global crackdown
With an expected $1 billion lost to ransomware attacks in 2023, ransomware is a lucrative business for criminals. But the new regulations aim to undercut the ransomware playbook and, if at all possible, stop future attacks by removing the incentive for attackers.
“Cyber criminality does not recognize borders. That is why international co-operation is vital to tackle the shared threat of ransomware attacks. This guidance will hit the wallets of cyber criminals, and ultimately help to protect businesses in the UK and around the world”, stated Security Minister Dan Jarvis.
The United Kingdom is eager to lead the collaborative approach to combating cybercrime, so three major UK insurance bodies (the Association of British Insurers, the British Insurance Brokers' Association, and the International Underwriting Association) have joined forces to launch co-sponsored guidance for businesses.
The UK National Crime Agency recently sanctioned 16 members of the 'Evil Corp' cybercriminal outfit, which is responsible for stealing more than $300 million from critical infrastructure, healthcare, and government organisations worldwide.
“Ransomware remains an urgent threat and organisations should act now to boost resilience,” noted Jonathon Ellison, NCSC Director for National Resilience. “The endorsement of this best practice guidance by both nations and international cyber insurance bodies represents a powerful push for organisations to upgrade their defences and enhance their cyber readiness.”
“This collective approach, guided by last year’s CRI statement denouncing ransomware and built on guidelines from the NCSC and UK insurance associations earlier this year, reflects a growing global commitment to tackling the ransomware threat.”