Cybercriminals from Russia and neighboring countries are behind most of the online extortions against companies and other organizations in Britain, said the head of the British Cyber Security Agency.
Linda Cameron, executive director of the National Center for Cyber Security (NCSC), warned that the so-called ransomware “poses the most immediate danger” of all the cyber threats that the UK faces in a speech at the Chatham House thinkham.
“We – together with the NCA [National Crime Agency] “Assess that cybercriminals based in Russia and neighboring countries are responsible for most of the devastating ransomware attacks on British targets,” Cameron said.
Her remarks represent one of the strongest attempts by the British intelligence chief so far to attribute the epidemic of internet extortion to Russia, which is accused of hiding criminal hackers who are trying to extract millions by seizing corporate data.
In May this year, former Foreign Minister Dominic Raab used more nuanced languages when he said that “countries like Russia cannot wave their hands” and say that ransom groups operating from their territory have nothing to do with them.
Since then, the West has been trying to increase pressure on the Kremlin. U.S. President Joe Biden twice raised the issue with his Russian counterpart, Vladimir Putin, over the summer – and hinted that the United States would be ready to attack gang-owned computer servers if nothing was done.
The Hackney Council in London was hit by a serious ransom software attack last October, which affected housing benefits and other council systems for months. The council is believed to have refused to pay the hacker’s ransom demands, but the repair systems could cost up to £ 10m.
Hijacking software, Cameron said, is the most important immediate cyber risk for the UK, which includes organizations “from FTSE 100 companies, to schools; from critical national infrastructure to local councils “- and warned that many still” have no plans to respond to incidents, nor have they ever tested their cyber defense “against the threat.
Hackers typically infiltrate key systems to encrypt or otherwise take control of critical data and demand cash to regain full access. Their techniques have also evolved, Cameron added: “Apart from ruling out the organization’s ability to function, many are now threatening to publish filtered data on the dark web.
Many companies pay ransoms, in part because they are covered by insurance: Travelek, a British foreign exchange service provider, paid $ 2.3 million last year after hackers shut down its networks, although the company later fell into administration.
Cameron warned that “paying ransoms encourages these criminal groups” – but this is not illegal because many criminal groups are not marked as banned groups. British extortion laws only prohibit the payment of ransoms to terrorists, and were drafted mainly in response to the threat of kidnapping.
Experts say Russia, along with other former Soviet states outside the Baltic region, has decided to turn a blind eye to its activities as long as their efforts are directed abroad – although one notorious gang, called REvil, disappeared in July after Biden’s complaint.
Other groups are thought to have earned huge sums: one study estimated that the Wizard Spider gang or RIUK earned $ 150 million, according to a study of their bitcoin transactions.
Russia remains the most serious threat to cyber security, Cameron said, but China has also raised significant issues. Describing Beijing as a highly sophisticated actor, the head of cyber security warned that the country had shown “proven interest in our business secrets” – since it had previously been accused of trying to steal the secrets of vaccine research, which the claim denies.
But she said she was not sure what would happen next. “As China develops over the next decade, it will probably be the biggest driver of our future cyber security,” arguing that the UK should “protect itself from Chinese practices that negatively affect our prosperity and security.”