Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain’s National Cyber Security Centre (NCSC) has warned.

In a joint UK-US-Australia advisory issued this afternoon, the three countries said they had “observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.”

The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West – though today’s note insists there was a move by criminals away from “big game hunting” against US targets.

Among the main threats facing Western organisations were the use of “cybercriminal services-for-hire”. These, as detailed in the advisory, include “independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals.”

Payment is what it’s all about and the advisory condemned the paying of ransoms, saying: “Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model.”

The NCSC told The Register today’s warning was not linked to a potential Russian invasion of Ukraine, with the advisory adding that the shift away from the US by criminals hasn’t really affected Britain: organisations of all sizes are still in the firing line – even those making the nation’s favourite snacks.

Common routes into an organisation’s IT infrastructure for a ransomware attack range from compromise of cloud applications and storage (including attacks leveraging improperly secured APIs), to supply chain attacks such as those directed against upstream MSPs, and the age-old tactic of attacking on a weekend or holiday.

The full note is on the NCSC website.

Many ransomware gangs are believed to be based in Russia and the country has a storied history of state-directed cyber attacks against the West.

According to ESET’s latest Threat Report, out today, ransomware attacks “surpassed the worst expectations of 2021” and in the first half of the year alone companies across the globe collectively paid out some $5bn in bitcon to make the bad things stop. ®