The British Library recently announced that they successfully withstood a cyber-attack without giving in to the hackers’ demands for payment or communication. As a result, ransomware groups have been cautioned that targeting the British government is not profitable.
In October 2023, the library was targeted by a ransomware attack. In light of this event, the library has issued a warning as part of its evaluation of how it handled the situation.
The library confirmed that they have not given any money to the perpetrators of the attack and have not had any communication with them. They want to make it clear that the UK’s national policy, as stated by the NCSC, strictly prohibits making such payments from publicly-funded institutions in the event of a ransomware attack.
Government organizations globally are often targeted by ransomware groups. These groups encrypt or steal valuable information and then demand a ransom in exchange for either deleting the data or restoring access. Common targets include councils, hospitals, schools, and universities, known for having weak cybersecurity systems and a pressing need to quickly restore their operations, resulting in a reputation for promptly paying ransoms.
The long-standing policy of the UK government has been to discourage the payment of ransoms. However, the report on the British Library incident demonstrates that the National Cyber Security Centre, a subsidiary of GCHQ responsible for addressing the threat of ransomware nationwide, is intensifying its efforts to prevent attacks by disrupting the flow of money.
The library has not yet returned to full operational capacity, as its research services are still not fully functional even after five months since the initial impact. According to the incident report, the criminal group responsible for the attack stole 600GB of data and later released it on the dark web after it became apparent that no ransom would be paid. However, the most significant destruction occurred prior to the attack being carried out completely. In an effort to make it more challenging to restore the systems and identify the perpetrators, the attackers purposely destroyed some of the servers.
The library states that they have backups of all their digital collections, including both originally digital and digitized content, as well as the corresponding metadata. However, they have faced obstacles due to the inadequate infrastructure for restoring this data.
Global efforts to combat ransomware gangs faced a major obstacle when Russia began its extensive invasion of Ukraine and withdrew from working with other countries to fight cybercrime. Although Russia had not been a consistently willing participant in investigations, the government still targeted the most severe offenders – a significant danger in a country where extradition is strictly prohibited. This has led international law enforcement to pursue alternative methods, such as endorsing “hack back” techniques aimed at hindering and revealing the operations of ransomware gangs that may otherwise be beyond reach.
A group of law enforcement agencies recently took control of the leadership and communication system of LockBit, the biggest ransomware group currently in operation. The group was responsible for a yearly cybercrime operation worth $100 million.
Despite being accused of adopting an “ostrich strategy” towards the ransomware threat, the government responded to the Joint Committee’s year-long investigation by stating that everything is under control, according to committee chair Margaret Beckett.
Beckett stated that the government is becoming increasingly aware that they lack knowledge on the severity and expenses associated with cyber-attacks throughout the nation, despite being ranked as the third most targeted country in the world. Furthermore, it is evident that the government has no plans to appropriately increase efforts or allocate resources in response to this issue.
Source: theguardian.com