Ransomware represents the biggest threat to online security for most people and businesses in the UK, the head of GCHQ’s cybersecurity arm is to warn.
Lindy Cameron, chief executive of the National Cyber Security Centre, will say in a speech that the phenomenon, where hackers encrypt data and demand payment for it to be restored, is escalating and becoming increasingly professionalised.
Speaking to the Rusi thinktank on Monday, Cameron will say that while spying online by Russia, China and other hostile states remains a “malicious strategic threat”, it is the ransomware crisis that has become most urgent.
“For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cybercriminals,” Cameron is to say.
Ransomware incidents have soared over the past two years globally as criminal gangs operating from countries such as Russia and other former Soviet states, which turn a blind eye to their activities, generate tens of millions of dollars by extorting money from companies.
In May, hackers obtained access to a US oil network, Colonial Pipeline, via a compromised password, forcing the business to shut down for several days. Petrol prices briefly jumped amid panic buying by consumers.
The company paid $4.4m to the hackers, a group called DarkSide believed to operate in Russia or elsewhere in eastern Europe, to regain access to its systems. A large proportion was subsequently recovered by the US authorities.
Cameron said the market for ransomware had become increasingly “professional” as criminal hackers made money “from large profitable businesses who cannot afford to lose their data … or to suffer the down time”.
Gangs often scout their targets and will tailor their demands to the size of the customer: there are examples of small firms such as hairdressers being targeted and payments of £1,500 being demanded. But most of the targets are large businesses, which are disabled by the attacks.
Travelex, a UK-based provider of foreign exchange services, paid $2.3m last year to regain control after hackers shut down its networks. The company subsequently fell into administration and had to be restructured with the loss of 1,300 jobs.
At the G7 summit in Cornwall on Sunday, leaders of the major industrial nations agreed to take steps to tackle the problem. The summit’s final communique called on Russia to “hold to account those within its borders who conduct ransomware attacks” and said G7 nations would work together “to urgently address the escalating shared threat”.
Nato is also expected to agree a new cybersecurity defence policy at its annual summit in Brussels on Monday, with the support of the UK.
Russia denies harbouring cybercriminals, and has said in the past that hackers exist everywhere. But western experts say most hacker gangs are based in the country, and are allowed to operate on the condition that they focus their efforts on targets abroad.
In extracts of her speech released in advance, Cameron did not name Russia. However, she said that criminal hackers “don’t exist in a vacuum. They are often enabled and facilitated by states acting with impunity.”
The UK, she argued, needed to coordinate “a whole-of-government response”, enhancing cyber resilience, engaging in international and diplomatic efforts, and seeking “the strongest criminal justice outcomes for those we apprehend”.
Cameron also called for insurance companies to stop paying out ransoms – currently legal because hackers are rarely members of banned terrorist groups – and said the anonymous cryptocurrencies often demanded by cybercriminals, such as bitcoin, should not “facilitate suspicious transactions”.
Ahead of the Nato summit, Boris Johnson, the UK prime minister, added: “Nato owes it to the billion people we keep safe every day to continually adapt and evolve to meet new challenges and face down emerging threats.”