GCHQ cybersecurity boss sounds alarm over extortion by hackers who are mostly based in former Soviet states
Ransomware represents the biggest threat to online security for most people and businesses in the UK, the head of GCHQ’s cybersecurity arm is to warn.
Lindy Cameron, chief executive of the National Cyber Security Centre, will say in a speech that the phenomenon, where hackers encrypt data and demand payment for it to be restored, is escalating and becoming increasingly professionalised.
Speaking to the Rusi thinktank on Monday, Cameron will say that while spying online by Russia, China and other hostile states remains a “malicious strategic threat”, it is the ransomware crisis that has become most urgent.
“For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cybercriminals,” Cameron is to say.
Ransomware incidents have soared over the past two years globally as criminal gangs operating from countries such as Russia and other former Soviet states, which turn a blind eye to their activities, generate tens of millions of dollars by extorting money from companies.
In May, a US oil network, Colonial Pipeline, was shut down after hackers obtained access via a compromised password, forcing the business to shut down for several days. Petrol prices briefly jumped amid panic buying by consumers.
The company paid $4.4m to the hackers, a group called Dark Side believed to operate in Russia or elsewhere in eastern Europe, to regain access to its systems. A large proportion was subsequently recovered by the US authorities.