In recent times, the landscape of cyber threats has been dominated by ransomware attacks, often involving double and triple extortion tactics. However, a new approach is emerging from publicly funded organizations, openly acknowledging their inability to pay ransoms and rendering attempts to encrypt their databases futile.
Leading this charge, the British Library has issued a stern warning to hackers and ransomware perpetrators, asserting their financial incapacity to entertain any demands. This stance stems from the library’s status as a publicly funded institution and its successful navigation through a ransomware attack in October 2023 without yielding to any demands or engaging in negotiations with the hackers.
In line with the latest UK National Policy outlined by the National Cyber Security Centre, it is now mandated that no payments be made in response to file-encrypting malware attacks. Furthermore, organizations found making such payments will face legal consequences.
This declaration serves as a beacon for all councils, hospitals, schools, universities, and other government institutions, urging them to follow the British Library’s example of refusing ransom payments. Instead, the focus should be on fortifying cybersecurity frameworks to ensure swift recovery in the event of cyberattacks, with minimal to zero performance disruption.
For those interested, here are the post-attack developments at the library: as of March, approximately five to six months post-incident, the library has yet to fully recover its assets. The Rhysida ransomware group responsible for the attack claims to have exfiltrated around 600 GB of data, briefly leaking it onto the dark web before retracting it.
In related news, a survey conducted by security firm Sophos highlights a concerning trend among small and medium-sized businesses (SMBs), indicating a surge in cyber threats such as remotely executed ransomware attacks, driver abuse, and malvertising.
According to the 2024 Sophos Threat Report, more than 75% of customer incident response cases handled by Sophos’ X-Ops Incident Response service in 2023 targeted small and medium scale businesses. Contributing factors to this rise include a lack of in-house expertise, budget constraints hindering the hiring of dedicated cybersecurity staff, and a misguided belief among small-scale businesses that they are immune to such attacks.
