British intelligence services are actively providing advance warnings to potential ransomware targets in order to thwart impending cyber attacks. On average, every seventy-two hours for the last three months, a team of cyber security experts within GCHQ has been identifying the initial stages of new ransomware attacks targeting British entities, alerting intended victims and preventing attacks from being carried out.

An innovative system known as ‘Early Warning’, overseen by the National Cyber Security Centre (NCSC), is already believed to have thwarted major attacks, and draws on a range of unknown information sources including exclusive intelligence community feeds, public data, commercial inputs, and proprietary resources not available to the public.

This proactive approach, disclosed by several unnamed sources who spoke to Recorded Future News on the condition of anonymity, demonstrates the potential to curtail a significant number of successful cyber breaches. However, it has been noted by insiders that broader participation from organisations is needed to fully capitalise on the benefits of this system.

Currently, the scheme still has its challenges. Only a small fraction of organisations receive alerts – and it is estimated only 2% of those alerted act on the potential threat.

Ironically, a spokesperson from NCSC acknowledged the difficulties faced, stating, “We often struggle to find the correct contact information, or the person believes they’re speaking to a scammer.” The agency has taken steps to provide guidance on distinguishing official communications from criminal attempts to extract money or sensitive data.

In some cases, the delay in notifying potential victims has been so substantial that by the time NCSC establishes contact with the relevant parties, the ransomware attack has already been unleashed.

However, GCHQ clearly has big plans for developing the scheme further, and is encouraging organisations to sign up for Early Warning. As of the close of 2022, a mere 7,819 organisations had registered for the original service, but the NCSC’s annual report reveals that the system alerted over 5,900 user organisations about threats, more than 2,200 about vulnerabilities on their networks, and 56 received early alerts about ransomware attacks.

Learn more about Early Warning here, or speak to our Cyber Security team today.

If you have a DrayTek Vigor router not covered by a Lineal Support Agreement with us, please get in touch for guidance.

Cryptolocker Warning: in the past fortnight we’ve seen an increasing number of companies hit by sophisticated cryptolocker viruses.

These dangerous programs, often installed by accident, lock your files over time, encrypting data and eventually demanding victims pay a ransom to retrieve their irreplaceable data.

In all of these cases, security products were installed but they did not protect against the threat. In our experience the only product that is reliably detecting these new threats and offering sufficient protection at this time is ESET. Older, less effective or out of date security products are offering little or no protection against these new cryptolocker variants.

Once affected by a cryptolocker, there is no way to de-encrypt scrambled files without paying the ransom, and users must remove the trojan before recovering recent versions of a file from their backups – highlighting the importance of a regular backup plan for data.

Please don’t be the next one to get caught out – talk to Lineal today about IT security options to ensure your valuable data is protected.