The country's agencies should take precautions to defend themselves from this ubiquitous menace, as urged by the U.K. National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
"The U.K. is a top target for cybercriminals. Their attempts to shut down hospitals, schools, and businesses have wreaked havoc on people's lives and cost the taxpayer millions," said Security Minister Tom Tugendhat.
According to a joint NCSC-NCA report, which was commented on by NCSC CEO Lindy Cameron, it "reveals the complexities of the cybercrime ecosystem, with its different platforms, affiliates, enabling services, and distributors, all contributing to the devastating outcomes of ransomware attacks on U.K. organizations."
The report, titled "Ransomware, Extortion, and the Cybercrime Ecosystem," examines how organized crime groups' tactics have evolved since 2017. Ransomware attacks rely on an intricate supply chain supported by an array of services and involving various cybercriminals who carry out or facilitate illegal activities.
The report also outlines the shift to the 'ransomware as a service' model, wherein criminals with less technical competence may launch attacks using pre-developed ransomware tools.
According to the report, this 'ransomware as a service' model offers a variety of services commonly provided to clients, including a web portal for customizing ransomware, communication platforms for negotiating with victims, and access to data leak sites for disclosing stolen data.
"While smaller groups trade criminal services on illicit forums and marketplaces, the report also sheds light on how some organized crime groups operate much like legitimate businesses, with offices, salaries, sick and holiday pay, and other benefits," according to NCSC.
The report also emphasizes that most assault victims are chosen opportunistically rather than explicitly. Criminals are progressively adapting their attack techniques based on what is most likely to yield financial gain.
For example, organized criminal organizations would use whichever method they perceive as most likely to result in payment. This might involve launching attacks using ransomware to disrupt logistics firms that require access to systems but preferring extortion-only strikes against healthcare providers, where patient privacy is vital, according to the report.
"The NCA is focused on combating this threat by targeting the highest-harm cyber actors and undermining the cybercriminal ecosystem that enables their offending," said NCA Director General of Threats James Babbage.
