In a speech being given today by Lindy Cameron, chief executive of the NCSC, to the RUSI think tank, she highlights the need for ransomware problem to be taken seriously, and warns of the “cumulative effect” if society fails to properly deal with the rising threat. Cameron says that although state-sponsored cyber attacks represent a “malicious strategic threat to the UK’s national interests,” the problem goes much deeper than that:
“Far more worrying is the cumulative effect of a failure to manage cyber risk and the failure to take the threat of cyber criminality seriously. For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals.”
Cameron, who was appointed head of the NCSC – part of GCHQ – last year, points out that technically-advanced professional criminal gangs have enabled anybody the ability to command a ransomware attack:
“…the ecosystem is evolving through Ransomware as a Service, (RaaS); the business model where ransomware variants and lists of targets, credentials and other tools useful for ransomware deployment are available off the shelf for a one-off payment or a share of the profits.” “As the business model has become more and more successful, with these groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly ‘professional’.”
A recent attack against a fuel pipeline operator has focused world leaders’ attention on the scourge of ransomware, and the issue is considered serious enough to merit discussion at the recent G7 summit of world leaders in Carbis Bay, Cornwall.
In its end-of-summit statement, the G7 explicitly called for no country to act as a safe harbour for ransomware operators:
We also commit to work together to urgently address the escalating shared threat from criminal ransomware networks. We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions.
If there was any doubt as to which country in particular the G7 is calling upon to help disrupt the activities of ransomware gangs, then that was made clear in another part of the communique:
In particular, we call on Russia to urgently investigate and credibly explain the use of a chemical weapon on its soil, to end its systematic crackdown on independent civil society and media, and to identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes.
For its part, Russia points out that cybercriminals operate worldwide, and denies that it is harboring hackers.
But as the NCSC’s Lindy Cameron puts in her speech today, “these criminals don’t exist in a vacuum. They are often enabled and facilitated by states acting with impunity.”
Cameron is likely to be right that most ransomware attacks are the work of criminal gangs rather than state-sponsored. But it is essential to ensure that no countries are turning a blind eye to ransomware gangs who may be intentionally avoiding hitting targets close to home, in order to allow them free reign to make millions of dollars attacking organizations overseas.
Quotes credited to tripwire.com