The head of the UK spy agency GCHQ has disclosed that the number of ransomware attacks on British institutions has doubled in the past year.
Jeremy Fleming, the director of GCHQ, said locking files and data on a user’s computer and demanding payment for their release had become increasingly popular among criminals because it was “largely uncontested” and highly profitable.
His comments, made on Monday to the Cipher Brief annual threat conference, follow warnings that Russia and China are harbouring criminal gangs that are successfully targeting western governments or firms.
“I think that the reason [ransomware] is proliferating – we’ve seen twice as many attacks this year as last year in the UK – is because it works. It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested,” he told delegates.
GCHQ has declined to give the exact numbers of ransomware attacks recorded in the UK this year or last. However, a US Treasury report released this month disclosed that suspicious ransomware-related transactions in the US over the first six months of this year were worth around $590m. The top 10 hacking groups believed to be behind criminal activity had moved about $5.2bn worth of bitcoin over the past three years, the report claimed.
Amid growing concerns over China and Russia’s ties to ransomware gangs, Fleming also called for more clarity over the links between criminals and hostile states.
“In the shorter term we’ve got to sort out ransomware, and that is no mean feat in itself. We have to be clear on the red lines and behaviours that we want to see, we’ve got to go after those links between criminal actors and state actors,” he said.
Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organisation’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. It has been used as part of a number of high-profile cyber-attacks in recent years, including the 2017 attack on the NHS.
Specialists believe Russian ransomware will continue to expand given the proliferation of cyber hacking tools and cryptocurrency payment channels.
Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said this month that ransomware “presents the most immediate danger” of all cyber threats faced by the UK, in a speech to the Chatham House thinktank.
In May this year, the then foreign secretary, Dominic Raab, said states such as Russia could not “wave their hands” and say ransomware gangs operating from their territory had nothing to do with them.
Since then the west has sought to ramp up the pressure on the Kremlin. Joe Biden twice raised the issue with Vladimir Putin over the summer and he hinted that the US would be prepared to attack computer servers belonging to the gangs if nothing was done.
Rajeev Syal Home affairs editor