Ransomware: Don't pay up, it just shows cyber criminals that attacks work, warns home secretary

For victims of ransomware attacks, paying the ransom doesn't guarantee that their network will be restored – and handing money to criminals only encourages them to try their luck infecting more companies with the file-encrypting malware.

The impact of ransomware attacks continues to rise as cyber criminals encrypt networks, while also blackmailing victims with the prospect of stolen data being published, in order to generate as much money as possible from extortion.

But speaking at the National Cyber Security Centre's (NCSC) CYBERUK 2021 virtual conference, home secretary Priti Patel warned ransomware victims that the government doesn't support victims of ransomware attacks paying the ransom.

SEE: Network security policy (TechRepublic Premium)

Not only does paying the ransom prove to cyber criminals that their campaigns work, but there's no guarantee that cyber criminals can be trusted not to come back again in future – or not to just publish the stolen data anyway.

"Government has a strong position against paying ransoms to criminals, including when targeted by ransomware," said Patel.

"Paying a ransom in response to ransomware does not guarantee a successful outcome, will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminality to continue to use this approach."

Patel referred to the Colonial Pipeline ransomware attack as an example of just how disruptive ransomware attacks can be, as "cyber criminals have been increasingly focused on companies and organisations, taking the time to research their target so they can maximise their chance of releasing higher sums of money through extortion," she said.

The home secretary urged organisations to take heed of high-profile ransomware attacks and learn the necessary cybersecurity lessons in order to avoid becoming another victim of malware extortion campaigns.

"Understand the consequence of an incident and how it will affect your organisation in the future – this is not just about the loss of data, there can be real disruption and significant impacts," said Patel.

SEE: This company was hit by ransomware. Here's what they did next, and why they didn't pay up

"Ransomware, like other cybercrime types, has no boundaries. The challenge of investigating and identifying those responsible is one we share with our international partners," she added.

Last month, the director of UK intelligence agency GCHQ, Jeremy Fleming, spoke about the increasing danger posed by ransomware, warning that ransomware attacks are growing at an "alarming rate".

MORE ON CYBERSECURITY

• This one change could protect your systems from attack. So why don't more companies do it?
• 9 tips to protect your organization against ransomware
• Ransomware is now a national security risk. This group thinks it knows how to defeat it
• FBI and European law enforcement shut down VPN used by ransomware groups
• Cyber criminals targeting hospitals are 'playing with lives' and must be stopped, report warns