
Challenge 9.6

How can technology help Scotland’s public sector protect against ransomware and other forms of cyber-crime and, should they occur, mitigate and recover from their effects, including data loss?

Challenge summary

Ransomware has become a sustained and significant cyber threat globally. Victims typically fall to automated, distributed attacks exploiting vulnerabilities in systems, processes and human behaviours. Once inside a network, a criminal may use digital technologies and tools to assess the victim's worth before encrypting and/or stealing sensitive data with which to extort the victim. The resultant disruption, recovery costs, and reputational damage can be significant. Preventing initial access, encryption of data, or data exfiltration could disrupt this criminal model.


A short Q&A was held with the Challenge Sponsors at our launch event on 27 June — a recording of this session can be viewed here:

 

Key information for applicants

Please note — applications for CivTech Round 9 are now closed. Join our mailing list and follow us on social media to be the first to hear about future Challenges.

Launch date
27 June 2023

Closing date
Midday, 22 August 2023

Exploration Stage interviews
Wednesday 27 September 2023

Exploration Stage
23 October to 10 November 2023

Accelerator interviews
Friday 17 November 2023

Accelerator Stage
11 December 2023 to 26 April 2024


Maximum contract value
£650,000



Q&A session

A live Q&A session was held with the Challenge Sponsor team on Monday 18 July 2023 at 15:00. A recording of the session can be viewed here:


Why does this Challenge need to be solved?

 

Ransomware has evolved to become the most significant cyber threat to businesses and organisations worldwide. The success of this criminal model has resulted in the development of tools and techniques for its successful delivery. Many ransomware services are developed and sold as criminal services which can be bought and deployed by non-technical crime groups.

Increasingly, victims of ransomware are not targeted but fall victim to automated, distributed attacks exploiting vulnerabilities in technology and in people to overcome security and gain initial access to networks. Once inside the network, tools are deployed to escalate privileges and move laterally through the organisation, enabling the criminals to assess the organisation’s worth before the final deployment of the encryption malware, often coupled with data theft.

The disruption to business is significant, as are the costs of recovery and potentially the cost to the organisation’s reputation.

Ransomware attacks are extremely low-risk, high-gain opportunities for cyber criminals, which is why ransomware has evolved at pace. This criminal operation model needs to be broken.

Ransomware is extortion. Paying an extortion request from criminal gangs to decrypt or return data does not guarantee a recovery. For many organisations, particularly in the public sector, there is a very low likelihood of succumbing to the extortion request; therefore the focus is on prevention, detection and recovery.

The core components in the criminal model that, if tackled, will break the model are:

  1. preventing the initial access through which the attack is launched,

  2. preventing the encryption of data, and/or

  3. preventing the exfiltration of data.

With these elements removed, there is no extortion, and the disruption to services, finances and reputation is limited.


How will we know the Challenge has been solved?

 

If technical solutions were found that addressed some or all of the three key elements outlined above, success would be measured in:

  • The reduction in the number of successful attacks

  • Reduction in extortion demands

  • Change in tactics from criminal gangs

  • Reduction in criminal gangs engaging in Ransomware

  • Increased knowledge and investigation opportunities for law enforcement as a result of valuable data capture from solutions


Who are the end users likely to be?

 

Ransomware impacts on governments and the public, private and third sectors, and is a global problem. To that end, all would benefit from solutions that address breaking this criminal model.


Has the Challenge Sponsor attempted to solve this problem before?

 

There are a number of security solutions that have forms of advanced system monitoring, detection and data loss prevention capabilities that contribute to reducing the success of attacks. There is room for much more innovation in this area by tackling the three components (stated already) that are core to the success of this criminal model.


Will a solution need to integrate with any existing systems / equipment?

 

It is likely that any technical solution will have to integrate with a range of market systems.


Any technologies or features the Challenge Sponsor wishes to explore or avoid?

 

We seek to avoid the evolution of enhanced monitoring, detection and data loss prevention tools which simply builds on what already exists in many forms. We seek new innovative approaches to breaking the criminal model. We are open to how this can be achieved including existing technologies used in novel ways or new technology or both, to help break the criminal model and mitigate the risk to Scotland.


What is the commercial opportunity beyond a CivTech contract?

 

Solutions that target breaking the ransomware model will attract significant interest globally, with obvious commercial investment benefits.


Who are the stakeholders?

 

The Challenge is led by the Scottish Cyber Co-ordination Centre (SC3), and we anticipate that stakeholders will include our partners, including:

  • Scottish Government Cyber Resilience Unit

  • Scottish Government Cyber Security

  • Police Scotland

  • National Services Scotland (NHS NSS)

  • Higher Education and Further Education Shared Technology & Information Services (HEFESTIS)

  • Local Authority Digital Office

  • Cyber & Fraud Centre Scotland

  • National Cyber Security Service


Who’s in the Challenge Sponsor team?

 

Scottish Government Cyber Resilience Unit


What is the policy background to the Challenge?

 

SC3 is being developed as a collaborative response to the rising threat from cyber-attacks. It is driven as part of the wider Cyber Resilience Unit policy area supporting delivery of the Strategic Framework for a Cyber Resilient Scotland. As a sponsor of this Challenge, we wish to demonstrate the value of collaboration in mitigating the threat of cyber risk within Scotland.