
Battle against computer crime


March 10, 2025

In January, the Government announced that it intends to introduce legislation aimed at limiting the growing threat of ransomware attacks against organizations in the UK. The proposals include a ban on ransom payments to criminals by public sector bodies, and the introduction of new mandatory reporting and payment-notification requirements for the private sector.

What is the problem?

Cybercrime is a sophisticated business run by organized criminal gangs. In recent years there has been a dramatic increase in ransomware attacks globally. In this type of attack, malicious software encrypts the victim’s data or locks them out of their systems. Increasingly, a copy of important customer and proprietary data is also stolen. The attackers then demand a ransom payment in exchange for restoring access to the systems or data, and for not publishing the confidential data on leak sites run by the criminals. The use of this “double extortion” technique means that companies are at the attackers’ mercy even if they can restore from backups.

A notable development has been the growth of ransomware as a service (RaaS), a business model in which ransomware tools are sold on the black market to affiliates. The affiliates gain access to computers and often, acting as lead generators, pass victims on to more sophisticated players who negotiate the payments. Ransom demands run from hundreds of thousands to many millions of pounds.


Why do organizations pay the ransom demands?

These attacks are the most frightening of cyber incidents. A business can be brought to a halt, face financial ruin and see its customer relationships and reputation damaged. The stakes are therefore high. Decisions that determine the survival of the business have to be taken quickly, against the clock. The ICO, law enforcement agencies and sector regulators have always discouraged payment on the grounds that it encourages more of the same criminal activity. Despite this, it is not surprising that organizations feel compelled to pay in order to get their business working again and in an attempt to protect their customers.

So what does the government propose now?

There are three main proposals.

  1. A targeted ban on ransomware payments for all public sector bodies and critical national infrastructure (CNI). This extends the existing ban on ransomware payments by government departments. The idea is to make these organizations, on which the country depends, unattractive targets for ransomware criminals.
  2. A ransomware payment prevention regime. This would require an organization to notify its intention to pay a ransom before doing so. The idea is to allow law enforcement to examine the proposed payment to see whether there is a reason to block it, for example if it would breach sanctions, as well as to increase the National Crime Agency’s awareness of live attacks and financial demands.
  3. A mandatory reporting regime for ransomware incidents. The idea is to provide law enforcement agencies with information to warn of emerging threats and to target investigations at organized ransomware groups.

Will it work?

These proposals are well-intentioned. But cybercrime is sophisticated, organized and extremely profitable. It will not disappear. If there is a full ban on payments by the public sector and CNI, it will need to be complied with. But regardless of whether a ransomware attack is against the public or private sector, preventing payment will not stop the criminal gangs from profiting from the stolen data, for example by selling it to facilitate other serious crimes such as card-not-present fraud, identity theft, and cracking passwords or user names.

A complete ban on the public sector and CNI paying ransomware demands could redirect attacks towards private sector companies, with architects a prime target. Indeed, many researchers have already found evidence that ransomware gangs have noted the attention of law enforcement agencies (which reserve most of their resources for large infrastructure attacks) and have shifted their focus to small and medium-sized organizations. These can be particularly vulnerable to attack because they often rely solely on their external IT support companies and therefore do not have the right protection in place.

So, although the press headlines feature high-profile attacks against public bodies, the reality is that the overwhelming majority of ransomware attacks are against private sector companies.

Proposals to require the private sector to report ransomware incidents to the authorities, and to notify an intention to pay a ransomware demand before doing so, would create an additional burden on the victim’s business, on top of the stress of negotiating with the criminals over payment and trying to limit the damage and the disruption to its business and operations. Of course, it would still have reporting obligations to the ICO, to customers (where applicable) and to its supply chain.

And what happens if the payment is blocked? It could be the difference between the business surviving or not. A business may decide to pay the ransomware demand because, commercially, it feels it has no choice. Losing all its customer data and access to its systems could close the business permanently.

It should also be kept in mind that these proposals apply only to ransomware attacks. Cybercrime and cyber disruption cover a much wider range of attacks that these proposals do not reach. For professional services firms, the most common form of attack is business email account takeover, where the criminal gains access to the business’s email, frequently resulting in data and financial losses.

What does the Government say to businesses about managing cyber risk?

In January 2025, the Government confirmed that it is issuing the Cyber Governance Code of Practice, which substantially follows the draft code issued in 2024. This formalizes the Government’s expectations for the governance of cyber security and sets out clear actions that directors, non-executive directors and senior leaders must take to manage their cyber risk. It highlights that cyber risk should have the same prominence as financial or legal risk, and that responsibility and ownership of cyber resilience is a board-level matter.

The code comprises five principles, each underpinned by a set of actions. The principles are risk management, cyber strategy, people, incident planning and response, and assurance. It should be essential reading for all senior business leaders (and the ICO will take it into account if there is a data breach; see, for example, the decision in the £4.4 million fine case).

What should companies do?

The conclusion is that a business should prioritize preventing cyber breaches in the first place. Cyber risk management should be at the top of every organization’s risk register and have the attention of senior management. Prudent management means engaging properly qualified experts to give visibility of your organization’s cyber risk and independent assurance that the right protective measures are in place, with periodic reviews to demonstrate their continued effectiveness.

RIBA does not offer advice on technical security services. We provide support and information to practices on technical security services provided for our members by experts, our partner Mitigo.

RIBA has partnered with Mitigo to provide technical security services. Mitigo offers a free, no-obligation consultation for members. For more information, contact Mitigo on 0161 883 3507, e-mail [email protected] or fill in the contact form.