Ransomware is key cyber threat facing UK – cybersecurity boss

In a keynote speech, National Cyber Security Centre boss Lindy Cameron warned that businesses must be better prepared.
Computer virus
PA Archive
Martyn Landi14 June 2021

Ransomware attacks are the key cyber threat facing the UK and the public and businesses must take it seriously, the head of the UK’s cybersecurity agency has warned.

Lindy Cameron the head of the National Cyber Security Centre (NCSC), which is part of GCHQ stressed the importance of the UK continuing to build its cyber resilience to stop attacks from reaching their targets.

Giving the annual security lecture to the Royal United Services Institute (RUSI) defence and security think tank on Monday, Ms Cameron spoke about the “cumulative effect” of the UK failing to manage ongoing cybercrime and, in particular, the increasing trend of ransomware attacks.

Ransomware is a form of cyber attack which locks files and data on a user’s computer and demands payment in order for them to be released back to the owner and has been used as part of a number of high-profile cyber attacks in recent years, including the 2017 attack on the NHS.

Ms Cameron warned that cybercriminals are becoming increasingly sophisticated in their use of ransomware, and the UK must continue to improve its response.

“Ransomware has historically been the preserve of high-end cybercrime groups with access to advanced technical skills and capabilities based in overseas jurisdictions who turn a blind eye, or otherwise fail to act, or fail to pursue these groups,” she said.

“But the ecosystem is evolving through what we call Ransomware as a Service, (RaaS); and the as a service business model, where ransomware variants and commodity listings such as listed credentials, are available off the shelf for a one-off payment or a share of the profits.

“We know there are campaigns to recruit new affiliates and as a result users can buy from developers without the costs and risks of developing it themselves.

“And that enables less experienced actors to acquire tools to conduct their own ransomware attacks.

“As the business model has become more and more successful, with these groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly professional.”

The NCSC boss added that “a whole of Government response” is required in order to meet the threat.

“It starts with the efforts to prevent the activities of the groups behind these damaging attacks,” she said.

“These criminals don’t exist in a vacuum. They are often enabled and facilitated by states acting with impunity. International and diplomatic efforts need to be co-ordinated to stop them.

“And that includes seeking the strongest criminal justice outcomes for those we apprehend. There are other players with a key role such as the cyber insurance industry which has a role to play in bearing down on the payment of ransoms and cryptocurrencies entities who facilitate suspicious transactions.”

In her lecture, the cybersecurity boss also warned that think tanks in the UK are likely to become key targets for nation-state espionage groups as they seek to gain “strategic insights into Government policy, trade agreements and commercially sensitive information”.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in