GCHQ Boss Says Ransomware Attacks Have Doubled In A Year

Jeremy Fleming, the Director of GCHQ, has said that the number of ransomware attacks on British organisations has doubled in the past 12 months. He also said that these attacks have become increasingly popular among criminals because it was “largely uncontested” and highly profitable for them.

He made his statement on the second day of the Cipher Brief Annual Threat Conference in Sea Island Georgia on October 25th, follow warnings that Russia and China are harbouring criminal gangs that are successfully targeting western governments or firms. 

Ransomware is malware that employs encryption to hold a victim’s information at ransom. Critical data is encrypted so that the organisation cannot access files, databases, or applications. A ransom is then demanded to provide access. It has been used as part of a number of high-profile cyber-attacks in recent years, including the 2017 attack on the NHS and this year of the health service in Ireland

Hackers are using software to lock files on computers before stopping victims from accessing their own data, essentially holding it hostage and demanding money from them. Once they have received ransomware payment, the hackers can then give a decryption key back to the victim so they can regain access. “I think that the reason ransomware is proliferating, we’ve seen twice as many attacks this year as last year in the UK, is because it works. It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested,” he told delegates.

GCHQ has declined to give the exact numbers of ransomware attacks recorded in the UK this year or last. However, a recent US Treasury Report disclosed that suspicious ransomware-related transactions in the US over the first six months of this year were worth around $590m. The top 10 hacking groups believed to be behind criminal activity had moved about $5.2bn worth of bitcoin over the past three years, the report said.

Amid growing concerns over China and Russia’s ties to ransomware gangs, Fleming also called for more clarity over the links between criminals and hostile states. “In the shorter term we’ve got to sort out ransomware, and that is no mean feat in itself. We have to be clear on the red lines and behaviours that we want to see, we’ve got to go after those links between criminal actors and state actors”.

“We’ve got to go after those links between criminal actors and state actors, and impose costs where we see that, and beyond that I think we’ve got to make sure that we are doing all we can to de-simplify this and to take as much out of it of the hands of citizens as we can so that they can enjoy living in a safe and secure online world,” Fleming said. He said that it is not “rocket science” to “defend against this sort of stuff...  Back up your data, make sure you’ve got your admin right, sorted out, make sure your passwords are properly protected, work out where your thresholds are, have thought in advance how you would respond if you were approached for ransom, all those sorts of things, it’s just basic stuff,” he said.

Security specialists believe Russian ransomware will continue to expand given the proliferation of cyber hacking tools and crypto-currency payment channels. 

  • In May this year, the then foreign secretary, Dominic Raab, said states such as Russia could not “wave their hands” and say ransomware gangs operating from their territory had nothing to do with them.

Since then, Western nations has sought to increase pressure on Russia. President Biden has raised these issues with Vladimir Putin over the summer and he hinted that the US would be prepared to attack computer servers belonging to the gangs if nothing was done.   

The Cipher Brief:    Standard:    NMAP:      Belfast Telegraph:    Guardian:    Daily Echo:    Verve Times:   

You Might Also Read: 

Cyber Attacks Are The New Cold War:

 

« Facebook Is 'making hate worse'
British Spies Trust Amazon With Their Secrets »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

Crypteia Networks

Crypteia Networks

Crypteia Networks delivers a patent-pending technology that identifies zero-day threats along with misconfigurations on already deployed defenses.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

LMG Security

LMG Security

LMG Security is a cybersecurity consulting, research and training firm.

Careerjet

Careerjet

Careerjet is a leading online job search engine with a large presence worldwide, sourcing millions of job ads from thousands of websites from all over the world in areas including Cybersecurity.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

Servian

Servian

Servian is one of Australia's leading IT consultancies, with expertise in cloud, data, machine learning, DevOps and cybersecurity.

SAFECode

SAFECode

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights on creating, improving, and promoting effective software security programs.

CyberPeace Foundation

CyberPeace Foundation

CPF is a think tank of cybersecurity and policy experts with the vision of pioneering Cyber Peace Initiatives to build collective resiliency against CyberCrimes and global threats of cyber warfare.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

Syracom

Syracom

syracom is a consultancy firm specialized in development of efficient business processes. With our expertise and IT competence, we develop tailored solutions for customers in various industries.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.