Ransomware Now the Biggest Cyber Threat in the UK

Ransomware is now the biggest threat to online security facing the UK, the head of the National Cyber Security Council has warned.

In a speech earlier this week, Lindy Cameron, the chief executive of the National Cyber Security Council that was set up in February this year, warned that cybercrime groups were conducting “in-depth reconnaissance” on their targets in the UK. Speaking at a lecture at the Royal United Services Institute think-tank, Cameron warned of the “cumulative effect” of ignoring or failing to manage cybercrime effectively, singling out ransomware as a key example.

These kinds of attacks have been on the rise for some years now. Ransomware operates by encrypting data and demanding a ransom in return for the decryption key; in many instances, there is also a threat to sell or publish private and confidential data to pile on the pressure. Cameron commented: “Ransomware has historically been the preserve of high-end cybercrime groups with access to advanced technical skills and capabilities based in overseas jurisdictions who turn a blind eye, or otherwise fail to act, to pursue these groups”. Ransoms are often scaled to the size of the victim; a small business could be hit with a ransom of just a few thousand dollars. However, as the “ransomware as a service” business model has become more successful, with large ransoms from major corporations being secured, the market for ransomware has grown dramatically. In 2020, Travelex, a UK-based foreign exchange service, paid $2.3m to regain control of its networks, pushing the company into administration and leading to more than 1000 job losses.

Many ransomware attacks over the last few years have originated in Russia and other former Soviet states, where authorities are less than enthusiastic when it comes to cracking down on cybercrime. Last week, at the G7 Summit in Cornwall, leaders agreed to take steps to tackle the problem of ransomware, and called on Russia to hold to account those who conduct ransomware attacks within its borders. Russia denies allowing cybercriminals to operate freely within its borders, but many experts believe they are allowed to operate on the condition their targets are outside the country.

Additionally, Cameron also called for insurers to stop paying ransoms. It is believed that insurers may be inadvertently funding organised cybercrime by paying out millions in ransoms. As the perpetrators of ransomware attacks are rarely members of banned terrorist organisations, it is perfectly legal for a business or insurer to pay the ransom.