Ransomware continues to pose a significant threat to organizations worldwide, with cybercriminals constantly evolving their tactics to maximize profits. A recent joint report from the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlights the challenges of targeting individual ransomware strains in combating this threat.
According to the report, cybercriminals are quick to regroup and rebrand after being taken down, making it ineffective to focus solely on specific ransomware strains. The agencies suggest a more holistic approach that targets threat actors further upstream in the ransomware supply chain, rather than playing a game of ‘whack-a-mole’ with ransomware groups.
The evolution of ransomware tactics has seen a shift towards ransomware-as-a-service, allowing criminals with limited technical skills to launch attacks using pre-developed tools. This shift has been facilitated by the widespread availability and use of cryptocurrency in the cybercriminal marketplace.
The report also highlights how organized criminal groups (OCGs) are operating much like legitimate businesses, with structured operations, salaries, and benefits for members. The most significant cyber threat to the UK comes from the Russian-speaking cybercriminal community, who have benefited from the larger OCGs shaping the market for ransomware services.
Instead of targeting specific organizations or sectors, cybercriminals often act opportunistically by gathering access to a large number of potential targets and filtering them later to identify those most suitable for ransomware attacks. This approach allows them to maximize their return on investment without the need to specifically target a single entity.
In response to these evolving tactics, the NCA is focused on targeting the highest harm cyber actors and disrupting the cybercriminal ecosystem that enables their activities. This includes collaborating internationally to pursue criminals and using cyber sanctions to disrupt the business models of individual threat actors.
In conclusion, the report emphasizes the need for a comprehensive approach to tackling the ransomware threat, focusing on disrupting the cybercriminal ecosystem and targeting threat actors further upstream in the supply chain. By understanding the evolving tactics of ransomware groups and taking proactive measures to combat them, organizations can better protect themselves against this pervasive cyber threat.