Russian ransomware attacks increased during 2021, joint review finds

Britain, the US and Australia point to growth in ‘sophisticated, high-impact ransomware incidents’

There have been further increases in “sophisticated, high-impact ransomware incidents” coming from Russia and other former Soviet states during 2021, Britain, the US and Australia said in a joint review of cyber-extortion trends.

Universities and schools were among the top sectors targeted in the UK last year, the National Cyber Security Centre (NCSC) said, as well as businesses, charities, law firms, councils and the NHS. Hackers are increasingly offering services or exploits “for hire”.

Lindy Cameron, the chief executive of NCSC, said ransomware – where cybercriminals seize control of IT systems and demand payment to hand them back – was “a rising global threat” and called on organisations to review their defences.

Hackers typically come from Russia or are Russian speakers, with the west accusing Moscow of turning a blind eye to cyber-attacks. The shutting down of the notorious REvil gang last month by Russia’s FSB spy agency is understood not to have had any impact on incident levels.

KP Snacks, the maker of Hula Hoops and McCoy’s crisps, warned earlier this month that it was struggling to supply stores after a ransomware attack. It said supply disruption would last until “the end of March at the earliest”.

In November, an attack on a supplier to the Labour party led to Labour losing access to some of its membership data. The supplier had refused to pay a ransom, leading to some data being permanently lost.

No figures were put on the level of increase in attacks during 2021, although last October spy agency GCHQ said UK ransomware incidents had doubled. But the joint advisory did say hackers were diversifying because “the criminal business model of ransomware is now well established”.

Some cybercriminals specialised in ransom negotiations; others sought to offer victims “a 24/7 help centre” to facilitate prompt extortion payments. Ransoms demanded vary by the size of the victim and the greed of the criminals, although figures of £1m or more are not unusual.

It is not illegal in the UK for businesses to pay to regain access to their IT systems, and while there has been a debate in government about the issue, the situation is not expected to change. Criminalising British businesses who have been targeted by Russian hackers is not considered an attractive option.

In the US, the FBI, NSA and Cybersecurity and Infrastructure Security Agency said they had seen a shift away from “big-game hunting” – the targeting of high-profile organisations – although this was not the case in the UK or Australia.

Some of the American effect may be a response to complaints made by the president, Joe Biden, directly to his Russian counterpart, Vladimir Putin, after several high-profile attacks, and a growing US willingness to disrupt hacker activity.

Last May, fuel supplies in the US south-east were disrupted after an attack on the energy supplier Colonial Pipeline; the company paid a ransom of $4.4m, although half was subsequently recovered by the US authorities.

Attackers gained entry by trying to lure people into clicking on malicious links in emails, brute force or exploiting software vulnerabilities, the joint warning said. Remote working in response to the pandemic meant such attacks would “likely remain popular”, the three countries’ cyber agencies added.


Dan Sabbagh Defence and security editor
