NCSC chief warns of ransomware risk

“For most UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals, and in particular the threat of ransomware,” she told a virtual audience at the annual security lecture hosted by the Royal United Services Institute, a defence and security think tank.

“The sheer volume makes it the most impactful threat we face. We have seen it affect the NHS [National Health Service] with WannaCry, prevent students accessing classes in the last few weeks, and shut down local authorities at great cost to the public purse, meaning the public cannot access services, pay their bills or, in some cases, even buy a house.”

She also drew attention to increasing use of ransomware as a service (RaaS), whereby ransomware variants and commodity listings are available off the shelf for a one-off payment or a share of the profits.

She detailed what such an attack could mean for the victim. “If your files are encrypted by ransomware you may be offered the services of a 24/7 help centre to quickly pay the ransom and get yourself back online.

“The ransom note accompanying the attack gives you the contact details to use to negotiate with the attackers and unlock your files. Everything is geared to make it as easy as possible to simply pay the ransom and move on.”

On the preparation of the attack, she said: “High-end crime groups spend time conducting in-depth reconnaissance on their targeted victims. They will identify your cyber security weaknesses that they can exploit.

“They will use spoofing and spearphishing to masquerade as internal employees to get access to all of the networks they need. They will look for the business-critical files to encrypt and hold hostage.

“They may identify embarrassing or business sensitive material that they can threaten to leak or sell to others. And they may even research your cyber insurance policy to see if you are covered to pay ransoms.”

Cameron added: “This process can be painstaking and lengthy, but it means that, when they are ready to deploy, the effect of ransomware on an unprepared business is brutal.

“Everything is taken out. Files are encrypted. Servers go down. Digital phonelines no longer function. Everything comes to a halt and your business stops in its tracks.”

And she noted: “Turning up to a ransomware incident as the NCSC feels like the fire service turning up to a house that has already burned down.”

But she also highlighted some of the NCSC’s successes, such as taking down more than 700,000 online scams last year, 80,000 of which were tip offs via the centre’s suspicious email reporting service.

“We have raised resilience in all sectors of our critical national infrastructure, and built coalitions with businesses, charities and education to develop accessible and actionable cyber security tools and advice,” Cameron added.

More than 55,000 teenagers have participated in the CyberFirst Girls competition and the centre’s cyber security courses. The NCSC’s cyber aware campaign has also made the internet safer and easier to use for UK citizens, she said.