Home / News

UK’s National Agencies Release White Paper on Evolving Cyber Crime Ecosystem

A simplified ransomware workflow. Source: National Cyber Security Centre

The UK’s National Cyber Security Center (NCSC) and National Crime Agency (NCA) have released a white paper on the rapidly evolving ecosystem of cybercrime, with a special emphasis on ransomware and extortion attacks. Here are the key takeaways:

High-profile attacks:  Ransomware attacks have surged since the NCSC’s 2017 report, posing a significant threat to institutions worldwide. The malicious software encrypts files, preventing access to crucial data and often demanding a ransom in exchange for decryption. Recent high-profile attacks have crippled institutions, such as the Health Service Executive of Ireland and the Colonial Pipeline in Texas. In the UK, local councils’ critical care services and several educational institutions have been compromised.

Evolving threat landscape: The nature of ransomware attacks has evolved. Victims now grapple with the peril of sensitive data being exposed, leading to potential reputational damage. Moreover, there are concerns about repercussions from data protection authorities for failing to safeguard customer data. Some cyber criminals have opted for data theft and extortion without deploying ransomware, choosing their strategy based on the targeted institution’s nature and vulnerabilities.

Moral codes and complex supply chains: Certain criminal factions claim a ‘moral code,’ avoiding critical national infrastructure and healthcare services. Nevertheless, modern supply chains’ intricacy makes it almost impossible for them to ensure that their attacks don’t inadvertently affect these vital services.

The white paper underscores that ransomware and extortion attacks have become intricate business models, dependent on a complex supply chain. The paper cautions against exclusively focusing on specific ransomware strains, as most attacks result from poor cyber hygiene, rather than sophisticated techniques. Following the NCSC’s guidance could thwart most of these attacks.

The big picture: The rapidly shifting landscape indicates that cyber criminals will continue to exploit the most lucrative technologies or business models. The issue is deeper than any specific ransomware variant. Addressing individual variants is akin to treating disease symptoms. A comprehensive approach is needed to understand the vast ecosystem and target the root causes rather than playing a never-ending game of ‘whack-a-mole’ with the ransomware factions.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign


Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix