As the dust settles around the collapse of KNP Logistics, which was triggered by a major cyberattack in June, a new report warns that ransomware attacks are on the rise and urges businesses to take preventative action.

The report Ransomware, extortion, and the cyber crime ecosystem, published by GCHQ’s National Cyber Security Centre (NCSA) and the National Crime Agency (NCA), points out that logistics companies are particularly vulnerable to ransomware attacks because of the need for these businesses to access fleet management systems.

Ransomware is malicious software, known as malware, that prevents businesses from accessing their computers or the data stored on them. During a ransomware attack, the targeted company’s data will usually be encrypted making it unusable, or it may be stolen.

The attackers usually send a ransom note demanding payment to recover encrypted data, often using an anonymous email address. They typically request payment in the form of a cryptocurrency.

The report warns that ransomware attacks are on the rise with ransomware-as-a-service models now available to criminals with less technical skills. These packages allow them to launch attacks using pre-developed ransomware tools, including a web portal to customise ransomware, communication platforms for negotiation with victims and access to data leak sites to publish stolen data.

However the report reveals that most attacks are not the result of sophisticated systems but the result of poor cyber hygiene, emphasising the importance of companies developing strong defences.

The report urges organisations to follow NSCA guidance on cyberattacks which advises directors to put ransomware high on their board’s risk agenda and ensure it is a board-level responsibility.

Read more

The guidance adds: “Business leaders don’t need to be cyber security experts, but knowing the basics of how ransomware works will mean they can have constructive conversations with their technical experts about the threat.”

Companies are also strongly encouraged to sign up to the NCSC’s free Early Warning service, which notifies organisations of any potential suspicious activity within their networks, including indicators of ransomware.

Launching the report, NCSC chief executive Lindy Cameron said: “While the NCSC is resolute in tackling this threat with our partners, all organisations must take action to protect themselves.

"I urge network defenders to read this report and to implement our ransomware guidance to boost their cyber resilience."

James Babbage, NCA director general of threats, added: “The proliferation of capable cyber crime tools and services, and subsequent lowering of the barrier of entry, means that ransomware, especially ransomware-as-a-service, will continue to be a significant threat to UK individuals, businesses and organisations.

“The NCA is focused on combating this threat by targeting the highest harm cyber actors and undermining the cybercriminal ecosystem that enables their offending.

“However, as this report makes clear, a whole of system response is required to be effective; prevention, protection, and collaboration with international and private sector partners are key.”