The NCSC offers guidance for charities on what to do in the event of a ransomware attack.
Cub Llewelyn-Davies, Charity Sector Lead from the National Cyber Security Centre, provides guidance for charities facing ransomware attacks.
Earlier this month, NCSC took part in our first podcast with Charity Digital, joined by the brilliant Michala Liavaag from Marie Curie. In it, we were asked to reflect on the state of cyber security in the charity sector throughout 2019 and what we think will be in store for 2020. We won’t give away all of our answers here; instead, you can listen to the podcast.
One area I’d like to give a little more attention to, though, is ransomware. You don’t have to look far to see a news story about an organisation in the grips of a ransomware attack. For example, Redcar and Cleveland Council have been battling the effects of an attack for almost 3 weeks.
Charities are not immune to cyber attacks and should absolutely be considering how resilient they are to ransomware.
What is ransomware?
Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Normally, you’re then asked to make a payment by the attackers in order to unlock your computer or release your data.
The good news is that at the NCSC, we have just updated our ransomware guidance to ensure it remains current with the types of attacks we are seeing and how best to defend against them.
In the review, we have added a new element to the guidance by emphasising offline backups as a defence against ransomware. NCSC have seen a number of ransomware incidents lately where the victims had backed up their essential data (which is great), but all the backups were online at the time of the incident (not so great). This meant the backups were also encrypted and ransomed together with the rest of the victim’s data, so ultimately they had no clean backup from which to restore their data.
Should I pay the ransom?
We often get asked, “Should I pay the ransom?” The NCSC supports the recommendations of the National Crime Agency (NCA), which generally advises not to pay the ransom, as there is no guarantee that you will get access to your device (or data).
You are also encouraged to report cyber crime and fraud to Action Fraud.
Help! I am experiencing a ransomware attack now…
If your organisation is already infected, NCSC have produced a list of actions you should take as soon as possible.