Ransomware: Not enough victims are reporting attacks, and that's a problem for everyone

Ransomware continues to be a significant cyber threat to businesses and the general public – but it's difficult to know the true impact of attacks because many victims aren't coming forward to report them.

The warning comes in the National Cyber Security Centre (NCSC) Annual Review for 2022, which looks back at key developments and incidents in cyber crime over the last year, with ransomware described as an "ever present" threat and a "major challenge" to businesses and public services. 

That's demonstrated by how the review details how in the 12-month period between 1 September 2021 and 31 August 2022 there were 18 ransomware incidents that needed a "nationally coordinated" response. These included attacks on a supplier to the National Health Service (NHS) and a ransomware attack against South Staffordshire Water. 

However, the true impact of ransomware remains unclear, because the NCSC says that many organizations that fall prey to ransomware attacks aren't disclosing them.

"The true numbers of ransomware attacks in the UK each year are far higher, as organizations often do not report the compromises," says the NCSC report. 

Also: The ransomware problem won't get better until we change one thing

That lack of reporting is despite the significant and disruptive consequences ransomware attacks can have, not only for organizations that fall victim, but for wider society – which is why it's vital that cybersecurity is taken seriously and incidents are reported. 

"Ransomware remains one of the most acute threats that businesses and organizations in the UK face," said Lindy Cameron, CEO of the NCSC. 

"These attacks have genuine real-world consequences and are a reminder to all organizations of the importance of taking the important mitigation measures set out in our guidance. As I have said before, it is vital that organizations treat cyber security as a genuine, board-level risk to be managed," she added. 

Encrypting files and services is disruptive enough, but many cyber criminals have realized they can do more damage by stealing data and threatening to leak it unless a ransom is paid. It's something the NCSC says is becoming a fundamental part of the ransomware business model, as criminals realize that many organizations will give in to ransom demands to avoid their data being leaked. 

Paying the ransom is discouraged, not only because it encourages cyber criminals by telling them that their attacks work, but also because there's also no guarantee that the attackers will hold up their end of the bargain – it's common for ransomware groups who receive ransom payments to leak the data anyway or return with further extortion demands.

Also: Ransomware: Why it's still a big threat, and where the gangs are going next

Alongside ransomware, the NCSC annual review warns that phishing attacks are one the biggest cyber threats around today, particularly as they can cause damage at an individual level. 

"We have seen low sophistication cyber crime continue to be a scourge to the British public and organizations. This is starkly brought to life in that there were 2.7 million cyber-enabled frauds last year," said Cameron. 

According to the NCSC, some of the most prominent themes among phishing attacks over the last year have been COVID-19 and Russia's invasion of Ukraine. 

More recently, cyber crooks have been using the cost-of-living crisis to trick people into giving up financial information. For example, attacks have mimicked the energy regulator Ofgem in over 50 campaigns exploiting people who are worried about the rise in energy costs. 

The NCSC said its Suspicious Email Reporting Service (SERS) received, 6.5 million reports of suspicious emails, which resulted in over 62,000 scam URLs being removed.

Since SERS was set up in April 2020, it has received a total of 13.7 million reports, resulting in the take down of 174,000 scam URLs – something that is providing the NCSC with cause for optimism. 

"It is heartening to see a growing uptake in our services to protect against these threats, and the 6.5 million reports we received from the public to the Suspicious Email Reporting Service shows that people are both becoming more cyber aware and contributing to our resilience," said Cameron. 

"The NCSC, in conjunction with our law enforcement partners, is more resolute than ever in its determination to thwart cyber criminals," she added. 

MORE ON CYBERSECURITY

• Critical infrastructure is under attack from hackers. Securing it needs to be a priority - before it's too late
• These ransomware victims are making the highest ransom payments
• Raising cybersecurity awareness is good for everyone - but it needs to be done better
• Victims of these online crooks lacked a key security feature. Don't make the same mistake
• Russian hackers' lack of success against Ukraine shows that strong cyber defences work, says cybersecurity chief