NCSC Updates its Ransomware Guidance in Light of High-Profile Attacks


The UK’s National Cyber Security Centre (NCSC) launched updated guidance on how to mitigate the impact of cyber attacks, and ransomware attacks in particular.

What happened?
NCSC withdrew its separate guidance on ransomware attacks and malware attacks. 

  • The newly published guidelines should bring clarity and ease confusion among businesses and individuals alike.
  • Having two different pieces of guidance caused issues for businesses, as the ransomware content was mostly identical.
  • However, the malware guidance was somewhat up-to-date and relevant.

What to expect from the newer version?
The latest version essentially mirrors members' concerns and understanding of the cybersecurity landscape. For example, ransomware is merely a type of malware.

  • For common understanding, the guidance uses ‘attacks’ rather than ‘infections’, ‘incidents’ or ‘compromises’.
  • Some of the more detailed technical content was removed to keep the material relevant to the masses.
  • Part of the guidance has also been expanded to emphasize offline backups as a more appropriate defense mechanism against ransomware.

“We’ve previously published a blog post recommending offline backups, but recent incidents suggest we need to emphasize the importance of this in our guidance as well,” he said.

Offline backups a safe option?
Theoretically, offline backups will keep the organization’s infrastructure unaffected in case of an attack on the live environment.

  • The golden rule of offline backups, as conveyed, is that one should connect the offline (or cold) backup to live systems only when it is critical.
  • Moreover, it is recommended to never have all backups connected (or hot) at the same time.
  • NCSC also recommends using cloud services to hold an offline backup. This guarantees full physical separation of the backup from the live environment.
  • But since cloud services don’t work when disconnected, the best advice for their users would be to implement identity management and access controls on their premises.

The full guidance can be found here.

Comments
A spokesperson said of the updated guidance, “Not everyone who visits our website knows that. Furthermore, they might well search for the term ‘ransomware’ (rather than ‘malware’) when they’re in the grip of a live ransomware incident.”

It would be better if we address people’s needs as closely as possible through guidance. The best cybersecurity advice in the world is useless if people can’t find it, he added.