'The nature of cyber attacks has changed' - NCSC chief

Geoff E, deputy head of consultancy and advice at the National Cyber Security Centre, writes about its updated guidance on mitigating malware and ransomware.

February, when we published version 1.0 of the NCSC's guidance on mitigating malware and ransomware, feels like a long time ago now.

Over the following six months, we witnessed an unprecedented change in the way we live and work, with more of our lives moving online.

Consequently, the nature of cyber attacks (and the way in which they are conducted) has changed, with a growing threat from ransomware attacks.

Because of this we recently published version 2.0 of the guidance, which can be found here.

With each incident the NCSC manages, we continue to learn. We learn about how criminals compromise networks, how they deploy malware, and the mitigations that - if in place - would have prevented the attack.

Knowledge like this, which we acquire from the ‘cyber frontline’, is invaluable and informs the guidance we publish. This is why we've updated the mitigating malware and ransomware guidance: to ensure that it reflects the changing nature of the incidents we are dealing with.

The guidance still helps organisations manage the threat posed by malware and ransomware, but there are two things I wanted to re-emphasise:

  1. Having up-to-date and tested offline backups - offline backups are the most effective way to recover from a ransomware attack.

  2. Disabling or constraining scripting environments - disabling or constraining scripting environments makes it much harder for an attacker to deploy ransomware using batch or PowerShell scripts.

It’s the same, but different

On the surface this guidance may feel the same, but quite a lot has changed. Specifically, we have:

  • added a new section to help organisations prepare for an incident

  • updated the attackers’ modus operandi

  • provided additional detail regarding backups, preventing malware from being delivered, spreading to devices, and running on them

  • re-emphasised some of our key messages if your organisation has already been infected with malware

Whilst we recognise that not all organisations have crack teams of security architects at their disposal, we believe this guidance provides an achievable set of actions that most organisations will be able to implement. This is why we have also included additional and updated references to resources, which will help you prepare and respond to malware attacks.

Malware attacks, in particular ransomware attacks, can be devastating for organisations because computer systems are no longer available to use, and in some cases data may never be recovered. If recovery is possible, it can take several weeks, but your corporate reputation and brand value could take a lot longer to recover. However, we are confident that following this guidance will reduce the likelihood of becoming infected, the spread of malware throughout your organisation, and the impact of the infection.

Geoff E, Deputy Head of Consultancy and Advice, NCSC

