Sanctioning cyber attack actors

Image thanks to NCSC

Forty minutes before we started recording this week’s episode of our excellent podcast ‘It’s Cyber Up North’, the National Cyber Security Centre (NCSC) made this announcement via Twitter:

‘UK and US partners have today sanctioned seven Russian cyber criminals associated with developing or deploying a range of ransomware strains.’ You can read more about the announcement here and, naturally, hear all about it from wherever you normally get your podcasts.

It was like manna from heaven as the podcast was all about ransomware, including stories about the recent Post Office and DNV attacks. 

Such a coordinated approach at an international level is very welcome and, some may argue, long overdue. It takes time for governments to act, however, and finding the right people and bodies to target is a difficult job. To attack using cyber is easier than to defend, as an attacker just needs to get through to someone while the defender needs to protect against everyone. As the saying goes, it’s much easier to blow up trains than make them run on time.

The UK has sanctioned 7 Russian cyber criminals through coordinated actions with the US government. These people have been responsible for much of the ‘development or deployment of a range of ransomware strains which have targeted the UK and US.’ The current position with sanctions against Russia over the war in Ukraine obviously has lent weight to this decision.

I am left wondering, however: if you are being held to ransom, how do you know who you are paying? The criminals go to huge lengths to hide where the attacks are coming from, and so it is going to be extremely difficult for anyone outside GCHQ to work out if those sanctioned Russians are behind the scam.

I also wonder what you are expected to do if you are held to ransom but not allowed to pay? It puts you and your business up a gum tree, damned if you do and damned if you don’t. Of course, help is available through the NCSC and the wider trade in general.

The world is a much different place since COVID. Work patterns have changed and we are much more reliant on digital technology than before. It is fair to say that our defensive systems have not kept up with the pace of change, though huge amounts of effort have gone into making systems robust. We must stay vigilant to the ongoing threat of cyber attacks, take advice and have proper backup strategies in place.

The international response is welcome and I feel there is much more to come.
