Number of Ransomware Attacks Has Doubled in Just a Year, GCHQ Director Warns
Why is Ransomware Still So Successful? Let’s see What Jeremy Fleming Has to Say.
Yesterday, Sir Jeremy Fleming, the director of Government Communications Headquarters (GCHQ), stated that the number of ransomware attacks on institutions from the UK has doubled in the past year.
The head of GCHQ, a UK spy agency dedicated to intelligence and information gathering, publicly demanded more initiative in order to “sort out” ransomware attacks across the UK, adding that it is not “rocket science.”
He stated that encrypting all the data on a victim’s PC, blocking their access to it, and asking for a ransom payment in order to release a decryption key has become cybercriminals’ favorite type of attack because it was “largely uncontested” and extremely lucrative.
Watch Out for Russia and China
According to the National Cyber Security Centre, the threat actors behind the most devastating ransomware attacks against British entities are based in other countries hence they are frequently unapproachable for Western law enforcement agencies.
The spy chief warned that the UK must pay attention to attacks from China and Russia in particular.
I think that the reason [ransomware] is proliferating – we’ve seen twice as many attacks this year as last year in the UK – is because it works. It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested.
So, How Many Ransomware Incidents Occurred This Year?
The agency has refused to reveal the precise number of disclosed ransomware attacks against UK organizations this year or last.
According to a FinCEN analysis of ransomware-related SARs filed in the first half of this year, ransomware is becoming increasingly dangerous to the US finance industry, organizations, and the general population.
The total value of suspicious activity reported in ransomware-related SARs in the US during the first six months of 2021 was $590 million, which exceeds the value reported for the entirety of 2020 ($416 million).
In the midst of growing concerns about China and Russia’s connections to ransomware groups, the director of the GCHQ has also called for more clarity over the ties between threat actors and bellicose nations.
In the shorter term, we’ve got to sort out ransomware, and that is no mean feat in itself. We have to be clear on the red lines and behaviours that we want to see, we’ve got to go after those links between criminal actors and state actors.
As explained by my colleague in this article, ransomware is a sophisticated piece of malware (malicious software) that encrypts all the data on a victim’s PC or mobile device, blocking the data owner’s access to it. After the infection happens, the victims receive a message telling them that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Normally, there is also a time limit for the payment to be completed, otherwise, the files could be lost forever.
The Future of Ransomware Attacks
Cybersecurity experts think that Russian ransomware will continue to swell due to the development of cyber hacking tools and cryptocurrency payment methods.
According to Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), this type of attack “presents the most immediate danger” of all cyber threats faced by the UK.
A few months ago, Secretary of State for Justice and Lord Chancellor Dominic Raab stated that countries like Russia can no longer claim that they have nothing to do with ransomware attacks carried out by actors based on their territory.
Given the ongoing wave of Russian-based ransomware attacks, American President Joe Biden has asked Russian President Vladimir Putin during a phone call to act on the attacks against American organizations and infrastructure.
Biden added that the U.S. will take “any necessary action” to protect itself against future attacks.
In the fight against ransomware, Heimdal™ Security is offering to its customers an outstanding integrated cybersecurity suite including the Ransomware Encryption Protection module, that is universally compatible with any antivirus solution, and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;