Ransomware is “the most immediate danger to UK businesses” according to the head of Britain’s National Cyber Security Centre, who added that victims paying up were sustaining the criminal enterprise.
Delivering the opening keynote speech at Chatham House’s cyber conference, Lindy Cameron said there had been several major cyber incidents over the past year, including one which Britain and America attributed to hackers working on behalf of China.
“Probably the most significant – and one that received attention across the world – was what became known as the SolarWinds attack,” she said, referencing Russian intelligence hacking a software tool used by many companies to manage their emails.
“We have also seen real world impact over the last year from a spate of ransomware attacks,” she added, referencing the attacks on Ireland’s Health Service, Hackney Council, and on the Colonial Pipeline that led to fuel shortages in the US.
What is ransomare?
Ransomware is type of malware (malicious software) that attackers can deploy on a victim’s computer network to encrypt their files.
With ransomware, the attackers then extort the victim to pay huge sums of money, often in Bitcoin and sometimes worth millions of pounds, to decrypt their files and make them accessible again.
But the criminal system involved – featuring skilled networks of individuals specialised in their particular roles – has developed a multi-faceted extortion model which involves stealing sensitive files and threatening to release them online in case victims are able to recover their files from unencrypted backups, or simply refuse to pay.
If published, these files, which can relate to sensitive business deals or may include customer information, could damage the victim company’s reputation, impact their share price, or potentially even lead to a class-action lawsuit, all potential impacts stressed by the criminals as part of their extortion scheme.
“Ransomware presents the most immediate danger to UK businesses and most other organisations,” said Ms Cameron, explaining that it had the ability to impact everyone “from FTSE 100 companies, to schools; from critical national infrastructure to local councils”.
She said that the challenge the ransomware criminal gangs posed in terms of law enforcement is “acute” as “the criminals responsible often operate beyond our borders, are increasingly successful in their endeavours, and pose a global challenge we must fight together to ensure no place becomes a safe haven”.
“We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay,” she said.
“We have been clear that paying ransoms emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all.”
She noted how, in addition to the direct cyber security threats posed by the Russian state, it and its neighbours also harbour the criminals who are “responsible for most of the devastating ransomware attacks against UK targets”.
Ms Cameron also made the first statement from anyone attached to the British government to directly reference the threat posed by private spyware companies such as NSO Group.
The Israeli hacking business was accused of assisting despotic regimes in targeting journalists, political dissidents, and human rights activists according to reports earlier this year.
NSO Group responded that its spyware was only used by governments to hack the mobile phones of terrorists and serious criminals
But a series of rulings in the High Court published last week found that Dubai’s ruler had used the software to spy on his ex-wife and her lawyers during a legal battle over their children.
Speaking on Monday, Ms Cameron mentioned NSO Group’s Pegasus spyware, noting that, “reportedly, customers of NSO Group had marked tens of thousands of global telephone numbers as potential targets”.
“This demonstrated something we have raised a red flag about before – the commercial market for sophisticated cyber exploitation products.
“Those with lower capabilities are able to simply purchase techniques and tradecraft – and obviously these unregulated products can easily be put to use by those who don’t have a history of responsible use of these techniques.
“We need to avoid a marketplace for vulnerabilities and exploits developing that makes us all less safe,” Ms Cameron added.