While cyber warfare, espionage and other malicious activity backed by foreign states are pressing concerns from the perspective of an international relations specialist or foreign policy wonk, the past year and a half has demonstrated how and why ransomware is the most dangerous and insidious cyber security threat facing the country, according to National Cyber Security Centre (NCSC) CEO Lindy Cameron.
“What I find most worrying isn’t the activity of state actors. Nor is it an improbable cyber armageddon. What I worry most about is the cumulative effect of a potential failure to manage cyber risk and the failure to take the threat of cyber criminality seriously,” Cameron told a virtual audience at the Royal United Services Institute (RUSI) think tank’s annual security lecture.
“For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary threat is not state actors but cyber criminals, and in particular the threat of ransomware.”
Cameron said this had become more evident than ever before during the course of the pandemic, which had also served to demonstrate just how insidious ransomware actually is in terms of its impact not just on victims’ data, finances and reputation, but on operations that impact people’s lives.
“We have seen it affect the NHS with WannaCry, prevent students accessing classes in the last few weeks, and shut down local authorities at great cost to the public purse, meaning the public cannot access services, pay their bills or, in some cases, even buy a house,” she said.
In her speech, Cameron covered a good deal of ground with which the cyber community will be familiar, discussing trends such as the evolution of double extortion attacks and affiliate or ransomware-as-a-service (RaaS) “business models”, and as the increasing ‘professionalisation’ of ransomware operators, some of whom now conduct ransom negotiations with the air of a legitimate IT technical support desks.
Cameron urged business leaders to take the issue more seriously. “Some of the most powerful testimonies I’ve heard since starting this job have been from chief executives faced with a ransomware attack they were under-prepared for,” she said.
“We support victims of ransomware every day but turning up to a ransomware incident as the NCSC feels like the fire service turning up to a house that has already burned down. There might be some forensic evidence that the police might pursue.
“Occasionally, but less so over time, there might be a flaw in the malware or its deployment that we can make the most of. Even more rarely, we just might be able to get a decryption key. But these groups know what they’re doing, and that hardly ever happens. More often than not, it’s a case of rebuilding from scratch and restoring the data – assuming you have – and please read the advice – an offline backup that can be used for this.”
She acknowledged how many victim organisations feel they have no choice but to pay, and said she sympathised with those put in such a position, but also reiterated the oft-repeated advice that paying a ransom in no way guarantees the return of data, and funds criminal enterprises to conduct more attacks.
Cameron also expressed her support for building more international consensus on responding to threats such as ransomware, as set out by the G7 in its post-summit communique, and called for policy-makers to build on this momentum by agreeing new rules and regulations for what is acceptable, setting more effective cyber standards, and building alliances.