Ransomware most insidious cyber threat facing UK

While cyber warfare, espionage and other malicious activity backed by foreign states are pressing concerns from the perspective of an international relations specialist or foreign policy wonk, the past year and a half has demonstrated how and why ransomware is the most dangerous and insidious cyber security threat facing the country, according to National Cyber Security Centre (NCSC) CEO Lindy Cameron.

“What I find most worrying isn’t the activity of state actors. Nor is it an improbable cyber armageddon. What I worry most about is the cumulative effect of a potential failure to manage cyber risk and the failure to take the threat of cyber criminality seriously,” Cameron told a virtual audience at the Royal United Services Institute (RUSI) think tank’s annual security lecture.

“For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary threat is not state actors but cyber criminals, and in particular the threat of ransomware.”

Cameron said this had become more evident than ever before during the course of the pandemic, which had also served to demonstrate just how insidious ransomware actually is in terms of its impact not just on victims’ data, finances and reputation, but on operations that impact people’s lives.

“We have seen it affect the NHS with WannaCry, prevent students accessing classes in the last few weeks, and shut down local authorities at great cost to the public purse, meaning the public cannot access services, pay their bills or, in some cases, even buy a house,” she said.

In her speech, Cameron covered a good deal of ground with which the cyber community will be familiar, discussing trends such as the evolution of double extortion attacks and affiliate or ransomware-as-a-service (RaaS) “business models”, and as the increasing ‘professionalisation’ of ransomware operators, some of whom now conduct ransom negotiations with the air of a legitimate IT technical support desks.

Cameron urged business leaders to take the issue more seriously. “Some of the most powerful testimonies I’ve heard since starting this…