Ransomware attacks are the key cyber threat facing the UK, and the public and businesses must take it seriously, the head of the UK’s cybersecurity agency has warned.
Lindy Cameron, the head of the National Cyber Security Centre (NCSC), which is part of GCHQ, stressed the importance of the UK continuing to build its cyber resilience to stop attacks from reaching their targets.
Giving the annual security lecture to the Royal United Services Institute (RUSI) defence and security think tank on Monday, Ms Cameron spoke about the “cumulative effect” of the UK failing to manage ongoing cybercrime and, in particular, the increasing trend of ransomware attacks.
Ransomware is a form of cyber attack which locks files and data on a user’s computer and demands payment in order for them to be released back to the owner. It has been used as part of a number of high-profile cyber attacks in recent years, including the 2017 attack on the NHS.
Ms Cameron warned that cybercriminals are becoming increasingly sophisticated in their use of ransomware, and the UK must continue to improve its response.
“Ransomware has historically been the preserve of high-end cybercrime groups with access to advanced technical skills and capabilities based in overseas jurisdictions who turn a blind eye, or otherwise fail to act, or fail to pursue these groups,” she said.
“But the ecosystem is evolving through what we call Ransomware as a Service (RaaS), and the as-a-service business model, where ransomware variants and commodity listings, such as listed credentials, are available off the shelf for a one-off payment or a share of the profits.
“We know there are campaigns to recruit new affiliates and as a result users can buy from developers without the costs and risks of developing it themselves.
“And that enables less experienced actors to acquire tools to conduct their own ransomware attacks.
“As the business model has become more and more successful, with these groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly professional.”
The NCSC boss added that “a whole of Government response” is required in order to meet the threat.
“It starts with the efforts to prevent the activities of the groups behind these damaging attacks,” she said.
“These criminals don’t exist in a vacuum. They are often enabled and facilitated by states acting with impunity. International and diplomatic efforts need to be co-ordinated to stop them.
“And that includes seeking the strongest criminal justice outcomes for those we apprehend. There are other players with a key role, such as the cyber insurance industry, which has a role to play in bearing down on the payment of ransoms, and cryptocurrency entities who facilitate suspicious transactions.”
In her lecture, the cybersecurity boss also warned that think tanks in the UK are likely to become key targets for nation-state espionage groups as they seek to gain “strategic insights into Government policy, trade agreements and commercially sensitive information”.