Ransomware is biggest online threat to people in UK, spy agency chief to warn

GCHQ cybersecurity boss sounds alarm over extortion by hackers who are mostly based in former Soviet states

Ransomware represents the biggest threat to online security for most people and businesses in the UK, the head of GCHQ’s cybersecurity arm is to warn.

Lindy Cameron, chief executive of the National Cyber Security Centre, will say in a speech that the phenomenon, where hackers encrypt data and demand payment for it to be restored, is escalating and becoming increasingly professionalised.

Speaking to the Rusi thinktank on Monday, Cameron will say that while spying online by Russia, China and other hostile states remains a “malicious strategic threat”, it is the ransomware crisis that has become most urgent.

“For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cybercriminals,” Cameron is to say.

Ransomware incidents have soared over the past two years globally as criminal gangs operating from countries such as Russia and other former Soviet states, which turn a blind eye to their activities, generate tens of millions of dollars by extorting money from companies.

In May, a US oil network, Colonial Pipeline, was shut down after hackers obtained access via a compromised password, forcing the business to shut down for several days. Petrol prices briefly jumped amid panic buying by consumers.

The company paid $4.4m to the hackers, a group called Dark Side believed to operate in Russia or elsewhere in eastern Europe, to regain access to its systems. A large proportion was subsequently recovered by the US authorities.

Cameron said the market for ransomware had become increasingly “professional” as criminal hackers made money “from large profitable businesses who cannot afford to lose their data … or to suffer the down time”.

Gangs often scout their targets and will tailor their demands to the size of the customer: there are examples of small firms such as hairdressers being targeted and payments of £1,500 being demanded. But most of the targets are large businesses, which are disabled by the attacks.

Travelex, a UK-based provider of foreign exchange services, paid $2.3m last year to regain control after hackers shut down its networks. The company subsequently fell into administration and had to be restructured with the loss of 1,300 jobs.

At the G7 summit in Cornwall on Sunday, leaders of the leading industrial nations agreed to take steps to tackle the problem. The summit’s final communique called on Russia to “hold to account those within its borders who conduct ransomware attacks” and said G7 nations would work together “to urgently address the escalating shared threat”.

Nato is also expected to agree a new cybersecurity defence policy at its annual summit in Brussels on Monday, with the support of the UK.

Russia denies harbouring cybercriminals, and has said in the past that hackers exist everywhere. But western experts say most hacker gangs are based in the country, and are allowed to operate on the condition that they focus their efforts on targets abroad.

In extracts of her speech released in advance, Cameron did not name Russia. However, she said that criminal hackers “don’t exist in a vacuum. They are often enabled and facilitated by states acting with impunity.”

The UK, she argued, needed to coordinate “a whole-of-government response”, enhancing cyber resilience, engaging in international and diplomatic efforts, and seeking “the strongest criminal justice outcomes for those we apprehend”.

Cameron also called for insurance companies to stop paying out ransoms – currently legal because hackers are rarely members of banned terrorist groups – and said the anonymous cryptocurrencies often demanded by cybercriminals, such as bitcoin, should not “facilitate suspicious transactions”.

Ahead of the Nato summit, Boris Johnson, the UK prime minister, added: “Nato owes it to the billion people we keep safe every day to continually adapt and evolve to meet new challenges and face down emerging threats.”


Dan Sabbagh Defence and security editor

The GuardianTramp

Related Content

Article image
May to ban Huawei from providing 'core' parts of UK 5G network
Telecoms firm will still be able to supply some technology, but decision may anger Beijing

Dan Sabbagh Defence and security editor

23, Apr, 2019 @11:01 PM

Article image
GCHQ warns of fresh threat from Chinese state-sponsored hackers
National Cyber Security Centre urges operators of critical national infrastructure to prevent hacks

Dan Milmo Global technology editor

25, May, 2023 @3:34 PM

Article image
GCHQ asked to step up action against cyber-attack threat to financial services
Treasury select committee says existing vulnerabilities and accountability need to be addressed in the wake of Tesco Bank hacking

Jill Treanor

19, Dec, 2016 @12:01 AM

Article image
Hostile states trying to steal coronavirus research, says UK agency
Experts say Russia, Iran and China likely to be behind cyber-attacks on universities

Jamie Grierson and Hannah Devlin

03, May, 2020 @3:12 PM

Article image
The Chinese firm taking threats to UK national security very seriously
Overseen by a UK government board, the Cell is a part of Huawei in Oxfordshire ensuring its own technology cannot be compromised for nefarious purposes

Juliette Garside

07, Aug, 2016 @6:00 AM

Article image
Ransomware hackers steal plans for upcoming Apple products
Group behind REvil ransomware claims stolen files include plans for two laptops and a new Apple Watch

Alex Hern

22, Apr, 2021 @1:37 PM

Article image
UK tackles record cyber incidents as Russian ransomware attacks increase
National Cyber Security Centre says cyberattacks at record high and urges businesses not to pay up

Dan Sabbagh Defence and security editor

17, Nov, 2021 @6:00 AM

Article image
North Korea top suspect for WannaCry attack, says ex US security chief
Methods used in ransomware attack on NHS and in up to 100 countries similar to those used by Pyongyang in the past, says Michael Chertoff

Henry McDonald

28, May, 2017 @6:44 PM

Article image
Russia and neighbours are source of most ransomware, says UK cyber chief
Lindy Cameron, head of National Cyber Security Centre, says extortion is most serious online threat to UK

Dan Sabbagh Defence and security editor

11, Oct, 2021 @4:28 PM

Article image
Are you a top secret cyber-security genius? Take our test
As part of the government’s new national cyber-security programme, 50 people with non-tech backgrounds will be recruited to become hack-breakers. Do you have what it takes?

Stuart Heritage

02, Nov, 2016 @12:34 PM