Ransomware is the biggest online threat to UK organisations and, worryingly, we’ve seen evidence of a rise in payments to criminals behind these attacks.
That’s why the NCSC and the Information Commissioner’s Office have called for help from the Law Society, after concerns that some victims were being advised by legal teams to pay.
Though it may be tempting to pay to get systems back up and running quickly, it’s important to remember that UK Government does not encourage nor condone the payment of ransoms. There’s no guarantee you’ll get your data back and your systems could be compromised again in future. Paying a ransom doesn’t mean you’ll get a lower penalty from the ICO or be looked upon more favourably in any regulatory action.
The NCSC has a wide range of guidance on mitigating the ransomware threat, for example advising companies to keep offline back-ups. All of our advice can be found on the ransomware pages. The ICO’s recently updated ransomware guidance can be found on its website.
Google urges Android partners to apply latest security patches
Google has detailed their latest patches for Android systems in their monthly security bulletin.
Among the 37 flagged vulnerabilities in the August bulletin is a critical security flaw that could lead to remote code execution via Bluetooth with no additional execution privileges required.
The flaw, being tracked as CVE-2022-20345, has been patched on Android 10, 11, 12, and 12L and Google advises users running earlier versions to check and update their Android version as soon as they can.
The bulletin lists other high severity issues, many of which could lead to disclosure of sensitive information and/or privilege escalation.
Google has encouraged all Android partners to fix the issues listed and bundle them together in a single update for users.
Installing the latest software and app updates as soon as they are available helps keep devices safe from online threats. The NCSC has published advice to help individuals do this promptly, alongside more top tips for staying secure online.