Ransomware incidents now dominate agenda at COBRA meetings, report

The UK now ranks third in a list of countries where businesses suffer the most ransomware attacks

The impact of ransomware incidents in the UK has grown to the point that they now dominate discussions at the government ' s emergency COBRA meetings.

COBRA is an unofficial term for COBR that stands for Cabinet Office Briefing Rooms, where the emergency meetings are held.

The Prime Minister convenes a COBRA meeting to discuss and plan a response to a global, regional or domestic crisis. An emergency committee is formed, and its members attend the meeting.

Previous examples of this committee's work include dealing with coronavirus pandemic, terrorist attacks and severe flooding.

In a recent report, The Record asserts, citing multiple sources with knowledge of the matter, that the bulk of the government's recent COBRA crisis management meetings have been called in response to ransomware incidents rather than other crises.

The sources told the publication that there did not appear to be a proportionate level of ministerial interest in ransomware, despite the repeated warnings of the chief executive of the National Cyber Security Centre (NCSC), Lindy Cameron, who described ransomware as the most acute threat facing the country.

The need to regularly convene cross-departmental meetings on the issue demonstrates how little Westminster has done to address the risk ransomware presents to the nation.

The UK now ranks third in a list of countries where businesses suffer the most ransomware attacks, security vendor NordLocker said in a report in September.

NordLocker examined 18 sectors and found that business services suffered the highest number of ransomware attacks (10.1%), followed by education (9.7%), construction (8.9%), transportation (7.7%), manufacturing (7.3%) and public sector institutions (5.7%).

Conti and LockBit were the two most active ransomware gangs in the UK, claiming responsibility for 22.2% and 11.5% of attacks, respectively. They were also the most active groups worldwide.

NCSC's annual review states that 18 ransomware events that needed a nationally coordinated response hit the UK this year. These incidents included attacks on the National Health Service software provider Advanced and on South Staffordshire Water.

The increase in COBRA meetings follows a cross-Whitehall "sprint" programme on ransomware, which was completed last December.

The goal of this programme was to formulate recommendations for how to approach the problem that would be signed off on before the G7 conference of interior ministers at the end of 2021.

However, a year after that "sprint" ended, the administration has still not delivered any decisions that can be put into practice.

The Record ' s report also claims that due to the Home Office's dissatisfaction with the data provided by the Department for Digital, Culture, and Media and Sport (DCMS), the Home Office has begun its own ransomware research project in an effort to determine the accurate number of attacks that have hit the UK in recent months.

The most recent edition of DCMS's annual cyber breach study revealed that ransomware assaults had decreased from 17% of all occurrences in 2020 to only 4% in 2021. Officials who talked to The Record, however, questioned the utility of the self-reported survey, stating that it has a bias towards those who do not wish to disclose such events. Moreover, it is derived using data gathered a year previously, a period during which the ransomware ecosystem has significantly evolved.

A government spokesperson told the publication that protecting the UK against ransomware attacks is a top priority for the administration.

"Given the complex nature of the threat, we are working collaboratively across departments, with law enforcement and agencies, and our international partners to strengthen our cyber capabilities and build the UK ' s resilience."

The spokesperson added that the government's policy and operational strategy to combating ransomware is now being reviewed, including through regular consultation with industry and international partners.