Ransomware "the most immediate danger to UK businesses"

The head of Britain’s National Cyber Security Centre has described ransomware as “the most immediate danger to UK businesses”, adding that most attacks are coming from individuals based in Russia.

Lindy Cameron, chief executive of the National Cyber Security Centre, say that along with National Crime Agency, they have assessed that cybercriminals based in Russia and neighbouring states are responsible for most of the devastating ransomware attacks carried out in the UK. Russia has been accused of sheltering cybercriminals who carry out ransomware attacks against Western states. Cameron warned that many UK businesses still “have no incident response plans or ever test their cyber defences”.

These remarks, along with the statement that ransomware poses the biggest digital threat to UK businesses, show how seriously ransomware is being taken by intelligence chiefs in the UK. Earlier this year, the foreign secretary, Dominic Raab, used softer language, commenting that Russia and neighbouring states could not “wave their hands” and claim ignorance of attacks being carried out from within their borders. In the US, President Biden has twice discussed the issue of ransomware with Vladamir Putin, suggesting firmer action would be taken if nothing was done by the Russian President.

Ransomware attacks have ramped up in recent months. In April 2020, a ransomware attack inflicted on Hackney Council, affecting housing benefit payments and other systems for months. In March this year, Acer were targeted by the REvil ransomware. In May, a ransomware attack on the Colonial Pipeline led to fuel shortages on the US east coast. In July, Miami-based IT firm Kaseya were hit by an attack, affecting hundreds of businesses in the US and beyond. In August, global IT consulting firm Accenture were hit by a ransomware attack orchestrated by the Lockbir ransomware group.