Should the government ban firms from paying ransoms?

Steve Forbes, head of product at Nominet, takes a look at the state-of-play for UK cybersecurity amid a year of relentless attacks

Over the last few years we’ve seen mounting economic losses and supply chain attacks that have compromised entire nations, which have highlighted the threat of cyberattacks to national security. 

More recently, geopolitical activity and real-world warfare have become increasingly mirrored in the cyber sphere as Russia was accused of a series of cyber attacks this year against the Ukrainian government.

With the heightened threat to major economies and even lives, we are getting dangerously close to a tipping point. 

Last year the NCSC dealt with a record number of cyber incidents, while this year governments have already been pressed into action time and time again and will need to keep the pressure on and take an even more active role in cyber defence to stem the rising tide.  

Increased role for governments in the security of critical national services

It’s increasingly unrealistic and unfair to expect CNI providers and essential public services to exclusively bear the burden of security and the national security risks entailed. Again, there have been numerous examples of cyber criminals targeting these organisations with disastrous effect, such as the attack against communications company Viasat that took down internet access and even disrupted wind farms in central Europe. 

The callousness of attacks has been trending upwards, with hackers disrupting the operations of councils in the UK and the Irish Health Service Executive hit hard by a ransomware attack and facing massive recovery costs. Hospitals should be focusing all their attention on the wellbeing of their patients and not combating cyber criminals.  

Of course, it is important that public services and CNI continue to bolster their own security, but there is an increasingly important role to play for government-led active measures to protect national assets against cyber crime. 

The NCSC’s Active Cyber Defence, which includes Protective DNS, is just one example. It’s been a collaborative effort that’s been delivering benefit at a national scale, from protecting the NHS and healthcare providers at the height of the pandemic to blocking tens of millions of malicious domain requests.  

Legislating security

Discussions within governments on ways to tackle the problem legislatively are also starting to bear fruit. 

Earlier this year, the US successfully passed a bill that will require CNI organisations to report significant cyber incidents, ransomware payments, and more within days of them happening.

Australia too has introduced and passed cyber legislation to boost the security and resilience of the nation’s critical infrastructure over the last year. 

Even more recently, the EU has agreed on new legislation that will require critical services to flag cyber incidents within 24 hours. This is a good start in acknowledging the special circumstance for critical services and something that we hope to see more nations consider emulating to shore up their national security in the cyber realm.

Talk of banning ransomware payments has been bandied about, and we may very well see legislation introduced at some point, but it’ll be easier said than done. On one hand, banning payments would make it harder for cyber criminals to move money and cryptocurrencies around, but on the other, an outright ban could have unintended consequences by moving the problem underground.

Sometimes organisations are even left with very little choice in the matter – pay up or no longer exist. Instead, a proactive approach to ransomware is needed, one that removes the option of paying the ransom by taking all the basic steps, such as patching regularly and actively monitoring, to prevent an intrusion in the first place.  

Continued international collaboration and cyber takedowns

International cyber task forces have also been cooperating, pooling intelligence and coordinating responses more regularly. Actions like the multi-country operation that took down REvil, which was responsible for major attacks last year against software provider Kaseya and meatpacker JBS, have been signals to hackers everywhere that their activity won’t be tolerated. But as big a win as this was, recent reports suggest that the group is back online. 

Ransomware groups have been known to rebrand themselves in the wake of law enforcement actions, as often those that are arrested are not those that are profiting most from the activity, so the key moving forward will be to keep the pressure on.

The UK and other nations in the NATO alliance have been increasingly vigilant on the cyber front for months as Russia’s invasion of Ukraine has escalated, further highlighting how important collaboration across borders is when cyber threats loom.

Agencies like CISA in the US and the NCSC in the UK have become a model of collaboration, as seen via the many joint advisories they’ve put forward, sometimes alongside other nations as well. That’s been possible thanks to robust intelligence sharing and coordination with public responses. We’ll be seeing more of this in the weeks and months to come.

One of the key messages to come out of CYBERUK 2022 was the need for a ‘whole-of-society approach to cyber security’. A chain is only as strong as its weakest link, and if nations around the world want to stay ahead of the curve in cyber, a full spectrum approach is essential to making this happen. 

The more we can all pull together to protect CNI, go on the offensive against ransomware, and collaborate with other governments and organisations, the stronger we can all be.