Cyber hackers
Some criminal groups have even adopted business-like structures, complete with offices, salaries, sick leave and other employee benefits. Kacper Pempel/Illustration

In a joint effort, the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) have released a groundbreaking report today, titled "Ransomware, Extortion, and the Cyber Crime Ecosystem."

The report reveals a disturbing trend in the world of cybercrime. It demonstrated how criminals are increasingly professionalising their operations, adopting a "ransomware as a service" model and leveraging a complex ecosystem to maximise profits. This evolution has led to a surge in extortion attacks and poses a significant threat to individuals, businesses and organisations worldwide.

Since 2017, there has been a noticeable shift in cybercriminal tactics, as described in the report. Criminals are now embracing the 'ransomware as a service' model, allowing even those with limited technical skills to launch devastating attacks using pre-developed ransomware tools.

This shift has facilitated the growth of organised criminal groups (OCGs) that operate with intricate supply chains and professional infrastructure, resembling legitimate businesses.

Notably, some OCGs have adopted a corporate approach, complete with offices, salaries, sick leave, holiday pay and other employee benefits. This corporate-like structure makes them more resilient and adaptable to law enforcement efforts.

The report highlights that the path to conducting an attack involves multiple services and various cyber criminals, effectively lowering the entry barrier for aspiring criminals.

One significant finding in the report is that cyberattack victims are primarily chosen opportunistically, rather than being specifically targeted. Criminals adapt their methods depending on what is most likely to yield payment.

For instance, they might deploy ransomware attacks to disrupt logistics companies requiring access to their systems but prefer extortion-only attacks against healthcare services where patient privacy is of utmost importance.

Lindy Cameron, CEO of the NCSC, expressed concerns about the evolving threat landscape, stating: "Organised crime groups have continued to evolve in recent years, with the growth of the 'ransomware as a service' model sadly leading to more attacks."

"Our joint report reveals the complexities of the cybercrime ecosystem, with its different platforms, affiliates, enabling services and distributors, which all contribute to the devastating outcomes of ransomware attacks on the UK's organisations," she continued.

James Babbage, NCA Director General of Threats, emphasised the need for a comprehensive response to combat ransomware threats: "The proliferation of capable cyber-crime tools and services, and subsequent lowering of the barrier of entry, means that ransomware, especially ransomware-as-a-service, will continue to be a significant threat to UK individuals, businesses and organisations."

Security Minister Tom Tugendhat reinforced the urgency of the situation, stating: "The UK is a top target for cybercriminals. Their attempts to shut down hospitals, schools and businesses have played havoc with people's lives and cost the taxpayer millions. This report is a timely reminder of the threats we face."

The 'Ransomware as a Service' model, described in the report, offers customers a range of features, including a web portal to customise ransomware, communication platforms for negotiation with victims and access to data leak sites to publish stolen data.

While businesses have improved their preparedness for cyberattacks since 2018, criminals have simultaneously refined their business model to maximise payouts.

It is essential to note that most cybercriminal successes are not the result of sophisticated attack techniques but rather the exploitation of poor cyber hygiene.

Therefore, organisations are urged to adopt robust cybersecurity measures and take advantage of the NCSC's comprehensive guidance to reduce the risk of falling victim to a ransomware attack.

In a proactive step, the NCSC encourages organisations to sign up for its free Early Warning service, which notifies them of potential suspicious activity within their networks, including indicators of ransomware.

With the cyber threat landscape evolving rapidly, collaboration between government agencies, law enforcement and the private sector is essential to stay ahead of emerging threats and protect critical infrastructure.

The joint report by the NCSC and the NCA serves as a wake-up call to organisations and individuals alike, highlighting the pressing need for heightened cybersecurity measures and greater vigilance in the face of evolving ransomware threats. The professionalisation of cybercrime demands a comprehensive response to safeguard the digital landscape and protect against devastating attacks.

As organisations across the UK grapple with the evolving threat of cybercrime, the report underscores the importance of proactive measures and the need for constant vigilance. With the cybercriminal landscape becoming increasingly sophisticated, it is imperative for businesses, government agencies and individuals to stay informed and take robust steps to defend against the growing menace of ransomware.

What is the ransomware as a service model?

The report delves further into the mechanics of the ransomware as a service model, revealing a range of features typically offered to customers. These features include not only the provision of ransomware tools but also a web portal that allows the customisation of ransomware, communication platforms for negotiation with victims and access to data leak sites to publish stolen data.

This comprehensive suite of services enables even less technically skilled criminals to launch highly effective attacks, underscoring the growing accessibility of cybercrime.

While the report acknowledges that businesses have made strides in preparing for and responding to cyberattacks since 2018, it also sheds light on the fact that criminals have been refining their business models in parallel to maximise payouts.

This is a stark reminder that the battle against cybercrime is a constantly evolving one, and organisations must remain vigilant and adaptable in their cybersecurity strategies.

The report emphasises that, despite the increasing complexity of cybercriminal operations, most successful attacks do not rely on sophisticated techniques. Instead, they often capitalise on lax cybersecurity practices and poor cyber hygiene within targeted organisations. This serves as a crucial reminder that cybersecurity is a shared responsibility, and all organisations must prioritise robust defences.

In line with this, the NCSC has published comprehensive guidance for organisations to reduce the likelihood of falling victim to a ransomware attack. This guidance provides actionable steps that organisations can take to enhance their cybersecurity posture and protect against ransomware threats.