Ransomware is one of the key cybersecurity threats facing the UK and the cyber-criminal groups behind it are becoming more dangerous, the UK’s cyber chief is to warn.
Lindy Cameron, the head of the National Cyber Security Centre (NCSC), will say that the organisation – the cybersecurity arm of spy agency GCHQ – is committed to tackling the threat of ransomware and “supports victims of ransomware every day” but that a coordinated response is required to combat the growing threat.
While state-sponsored hacking campaigns pose a “malicious strategic threat to the UK’s national interests”, it’s cybercrime – and in particular ransomware – which has become the biggest threat.
“For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron is due to say in a speech to the Royal United Services Institute (RUSI) defence and security think tank.
SEE: Network security policy (TechRepublic Premium)
Recent incidents like ransomware attacks against Colonial Pipeline and meat processor JBS, as well as the ransomware attack against the Irish healthcare service, have demonstrated how disruptive these cyber-criminal campaigns can be to critical services.
Meanwhile, UK organisations including businesses, government agencies, schools and universities have all fallen victim to ransomware attacks this year.
Not only are cyber-criminal ransomware groups encrypting networks and demanding a significant payment in exchange for the decryption key, now it’s common for them to also steal sensitive information and threaten to release it unless a ransom is paid – often leading victims to feel as if they have no choice but to give in to the extortion demands.
“As the business model has become more and more successful, with these groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly professional,” Cameron will say.
Ransomware is successful because it works; in many cases, because organisations still don’t have the appropriate cyber defences in place to prevent cyber criminals infiltrating their network in the first place in what the NCSC CEO describes as “the cumulative effect of a failure to manage cyber risk and the failure to take the threat of cyber criminality seriously”.
But another reason it has become such a problem, particularly for the West, is because many of the most successful ransomware groups are working out of what Cameron describes as “overseas jurisdictions who turn a blind eye or otherwise fail to act to pursue these groups”.
Russia in particular is thought to be home to a number of cyber-criminal ransomware groups, but the government doesn’t act on their activity because they’re not harming Russian businesses or citizens.
“These criminals don’t exist in a vacuum. They are often enabled and facilitated by states acting with impunity,” she said.
SEE: This company was hit by ransomware. Here’s what they did next, and why they didn’t pay up
However, Cameron will say it’s possible to fight against the blight of ransomware by combining the efforts of cybersecurity experts, the government and to use wider international cooperation.
“In some respects, our response to ransomware is straightforward: we need to continue to build the UK’s cyber resilience so that attacks cannot reach their targets in the first place,” she said.
“But in many other respects, it requires a whole of government response. This starts with the efforts to prevent the activities of the groups behind these damaging attacks.”
However, ransomware isn’t just a problem for the UK alone and Cameron urged the importance of working with other countries to tackle what’s truly an international problem.