GCHQ Boss: Ransomware Has Doubled in a Year

The volume of ransomware attacks on UK organizations has doubled over the past year, a British spy chief has warned.

Director of GCHQ, Jeremy Fleming, reportedly made the remarks at the Cipher Brief annual threat conference yesterday.

“I think that the reason [ransomware] is proliferating — we’ve seen twice as many attacks this year as last year in the UK — is because it works. It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested,” he said, according to The Guardian.

“In the shorter term we’ve got to sort out ransomware, and that is no mean feat in itself. We have to be clear on the red lines and behaviors that we want to see, we’ve got to go after those links between criminal actors and state actors.”

Fleming’s words echo those of his counterpart in GCHQ spin-off the National Cyber Security Centre (NCSC), Lindy Cameron.

She has warned UK organizations that ransomware represents their biggest immediate threat on multiple occasions.

The country has not suffered a major incident on the scale of the Colonial Pipeline or Kaseya ransomware breaches, which both had large-scale repercussions across society, since WannaCry struck in 2017.

However, there have been countless smaller victims, with those in the education sector and local government particularly severely hit.

Tony Pepper, CEO of Egress, argued that organizations of all sizes could become victims of ransomware.

“With ransomware incidents against UK businesses doubling in the space of a year, now is the time for organizations to ramp up their defenses,” he added.

“Over 90% of malware, including ransomware, is delivered via email — so it’s vital that organizations are aware of the threat posed by phishing in facilitating these attacks.”

Security vendor Emsisoft claims to have found vulnerabilities in around a dozen ransomware variants, enabling the firm to help victims recover their files without paying their attackers. However, this will first require notifying the authorities, which some organizations are still reluctant to do.

What’s Hot on Infosecurity Magazine?