Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: NCSC publishes blog on ransomware attacks

On May 9, 2024, the UK National Cyber Security Centre (NCSC) published a blog post on ransomware attacks, detailing the tactics used by cybercriminals as well as the emerging trend of data theft and extortion.

Notably, the blog explained that ransomware attacks traditionally involved encrypting a victim's data and demanding a ransom for its release. However, according to the blog, these attacks now often include the theft of sensitive data which causes disruption for organizations and exposes them to ongoing risks from potential data leaks.

The blog noted a shift in tactics among cybercriminals, with some now favoring extortion-only attacks, where data is stolen without deploying ransomware. According to the blog, this method is increasingly used against sectors where data sensitivity is critical, such as healthcare, to exert pressure without the additional step of data encryption.

In the blog, the NCSC stressed the importance of maintaining robust cybersecurity defenses and recommended consulting the NCSC's latest guidelines and publications to help organizations defend against and recover from ransomware and extortion attacks.

You can read the blog here.