Ransomware hackers now bigger cyber threat to UK than hostile states

Criminal hackers carrying out ransomware attacks now represent a bigger risk to UK national security than online espionage by hostile states, Britain’s cyber defence chief will warn on Monday.

Lindy Cameron, chief executive of the National Cyber Security Centre — a branch of GCHQ — will accuse Britons of neglecting the threat from ransomware hackers, in a speech to London’s Royal United Services Institute.

While she will describe state-backed cyber activity such as online espionage and the theft of intellectual property as a “malicious strategic threat to the UK’s national interests”, Cameron will say that the “cumulative effect” of Britain’s failure to manage cyber risk is “far more worrying”.

For the “vast majority” of UK citizens and businesses, including suppliers of critical national infrastructure and government services, “the primary key threat is not state actors but cyber criminals”, Cameron will add.

Her warning comes after a worldwide proliferation in ransomware attacks — which typically paralyse a target’s computer networks and data until a payment is made.

The number of incidents rose by more than 60 per cent to 305m in 2020, according to data from SonicWall. Recent victims include Ireland’s health service, the US’s Colonial Pipeline and JBS, the Brazilian meat processing company, attacks which have focused minds on the risk to critical infrastructure and supply chains.

The White House believes both the Colonial Pipeline and JBS attacks were carried out by criminals based in Russia, and US president Joe Biden is expected to raise the issue during his meeting with Russian counterpart Vladimir Putin this week. Biden has indicated he is “open” to a proposal from Putin that Russia would hand over cybercriminals to the US if Washington did the same for Moscow.

Leaders of the G7 countries, who met in Cornwall this weekend, signalled their determination to clamp down on criminal hackers. They pledged in their summit communiqué that they would “urgently address” the “escalating shared threat from criminal ransomware networks”. 

The communiqué also called on Russia in particular to “identify, disrupt, and hold to account” ransomware attackers and other cyber criminals including those who “abuse virtual currency to launder ransoms”, within its borders.

In her speech on Monday, the NCSC chief executive will say that cyber criminals do not exist in a vacuum, and are “often enabled and facilitated by states acting with impunity”.

Cameron will add that, while ransomware was historically the preserve of high-end cyber crime groups, the threat is evolving because of the “ransomware as a service” business model, in which ransomware tools and targets are sold online.