National Cyber Security Centre warns of increase in ransomware attacks on small firms

Cybercriminals now focusing in on companies with less sophisticated software security, says centre

The National Cyber Security Centre (NCSC) has written to small business owners warning of an increased threat of ransomware.

In a joint letter written with the Garda National Cyber Crime Bureau, the NCSC has warned businesses that criminals are moving away from large corporations and State agencies and focusing on smaller companies which don’t have the same levels of cybersecurity.

The malicious software is inserted into a victim’s computer system and blocks access until a sum of money is paid.

In the letter, both agencies noted they had observed a trend of small- and medium-sized businesses being increasingly targeted by ransomware groups.


“We have been dealing with the threat of ransomware for some time,” said NCSC director Richard Browne. “We have seen a noticeable change in the tactics of criminal ransomware groups, whereby rather than largely focusing on Governments, critical infrastructure and big business, they are increasingly targeting smaller businesses. This is a trend that has been observed globally and Ireland is no exception, with several businesses becoming victims of these groups in the past number of weeks.”

The letter set out the measures that small- and medium-sized businesses can take to prevent and recover from cyberattacks such as ransomware, referring to several guidance documents that have been published by the NCSC on the topic.

Dr Browne said: “Whilst we appreciate that many business owners are understandably nervous of the threat ransomware poses, there are some straightforward security measures that can be put in place to ensure that an organisation’s data and systems remain secure.”

Both agencies cautioned businesses against paying any ransoms to criminal groups. The official State policy is not to encourage, endorse or condone the payment of ransoms.

Dr Browne’s counterpart in the Garda cybercrime centre, Det Chief Supt Paul Cleary, said there was no guarantee that paying a rate would result in data being successfully decrypted, or prevent the data from being leaked online.

“It may lead to your organisation being targeted again, with some research showing that up to 80 per cent of organisations that pay are attacked again,” he said.

Garda advice

He encouraged business owners to report the incidents to the NCSC and the Garda who may be able to support victims of cyberattacks.

“Reporting incidents allows us to fully investigate these cybercrimes and helps us to identify trends and methods used by attackers so we can provide cybersafety and network protection advice to the public and the corporate sector,” said Chief Supt Cleary.

Small Firms Association director Sven Spollen-Behrens said the warnings tallied with what it was hearing from its members.

“[Small businesses] are increasingly worried about the threat posed by cybercrime. The advice provided is very helpful and we’re eager to work with the authorities to ensure our membership are putting in place the right protections to defend against these attacks,” he said.

Ransomware gangs sometimes threaten to leak sensitive stolen data if a ransom is not paid. In May 2021, the Health Service Executive was the victim of a devastating ransomware attack which crippled the central IT systems and had a significant impact on the delivery of health services nationwide. The criminal gang which carried out the attack threatened to publish online thousands of sensitive and confidential files. In the event, they did not follow through on the threat.

The attack has cost the HSE almost €50 million to date and final costs are expected to rise to €100 million.

Harry McGee

Harry McGee

Harry McGee is a Political Correspondent with The Irish Times