The threat of ransomware continues to evolve, making it a significant challenge for organizations worldwide. A recent joint report from the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlighted the complexity of targeting individual ransomware strains. The report suggested that focusing on specific strains is ineffective due to threat actors quickly reassembling and rebranding after being taken down.
The Whitepaper emphasized the need for a more holistic approach to combatting ransomware, targeting the threat actors further upstream in the cyber-criminal ecosystem. Instead of playing a game of ‘whack-a-mole’ with ransomware groups, the NCSC and NCA recommended disrupting the supply chain and services that support ransomware attacks.
NCA Director General of Threats, James Babbage, emphasized the importance of targeting the highest harm cyber actors and undermining the cyber-criminal ecosystem. He acknowledged the challenge of achieving traditional criminal justice outcomes against cyber threat actors based in uncooperative regions, suggesting the need for a wider range of disruptive approaches.
The report also discussed the evolution of ransomware groups, highlighting the shift to ransomware-as-a-service models that enable criminals with limited technical skills to launch attacks using pre-developed tools. The growing availability and legitimate trade of cryptocurrency have facilitated this marketplace, making it easier for criminals to profit from ransomware attacks.
The NCSC and NCA identified the Russian-speaking cyber-criminal community as a major threat to the UK, with larger organized criminal groups shaping the forums where ransomware services are traded. Most cyber-criminals act opportunistically, scanning for vulnerabilities in products likely used in enterprise networks rather than targeting specific organizations. This approach allows them to gather large-scale access and filter it later to identify potential targets for ransomware attacks.
As ransomware continues to pose a significant threat to individuals, businesses, and organizations, it is essential for governments and law enforcement agencies to collaborate internationally and use disruptive approaches to combat cyber-criminal activities. By targeting the root causes of ransomware attacks and disrupting the cyber-criminal ecosystem, we can better protect against this evolving threat.