It won’t surprise those in the industry, but cybercriminals from Russia and neighbouring states are behind the majority of online extortion conducted against businesses and other organisations in Britain, according to the UK’s cybersecurity agency. We can add that much the same applies to Western Europe and, to a large extent, the US.
But the UK’s National Cyber Security Centre is more concerned about events closer to home and, along with the National Crime Agency, claims the most devastating ransomware attacks come out of Russia and neighbouring countries.
The statement is unusual in that British intelligence has come out in the open and pinned the unrelenting waves of ransomware attacks on nation states.
- The NCSC said ransomware was the most important immediate cyber risk to the UK, with FTSE 100 companies, schools, local councils and critical national infrastructure all at risk. It also warned that many organisations have no incident response plans and rarely test their cyber defences.
- China was also flagged as a country of concern, because of its sophisticated attacks and lengthy history of attempting to steal commercial, industrial, military and government secrets, including alleged recent attempts to steal vaccine research secrets.
Ransomware gangs can make huge amounts of money, and one study estimated that the Wizard Spider or RYUK gang had made $150 million.
Ukrainian ransomware gang nabbed
As if to prove the point, a multi-national investigation involving France, Ukraine, and the FBI saw the arrest in Kiev, Ukraine, of what Europol describes as "two prolific ransomware operators."
- Police claim that the organised crime group has committed a string of targeted attacks against very large industrial groups in Europe and North America since April 2020.
- The attacks saw firms' computer systems breached by hackers who stole sensitive information from companies before encrypting systems with ransomware and demanding cryptocurrency ransoms equivalent to millions of dollars be paid for a decryption key.
- Corporate victims were told that if they did not pay a ransom, the stolen data would be published on the dark web.
- According to police, companies hit by the attackers suffered over $150 million worth of damage.
The ransomware gang hasn’t yet been named, probably because investigators are hoping that the arrests will lead to the identification of more cybercriminals.