The threat from cybercrime
The deployment of ransomware remains the greatest cyber serious and organised crime threat to the UK and its use threatens Critical National Infrastructure and poses a risk to national security. Ransomware attacks can have a significant impact on victims due to financial, data and service losses, which can lead to business closure, inaccessible public services and compromised customer data.
Russian-language criminals operating ransomware as a service continue to be responsible for most high profile cybercrime attacks against the UK. Some of these high profile Russian-language groups are known to have links with the Russian state. However, it is highly likely that in most instances these links extend only to tolerance of their activities.
High-end cyber crime groups continue to improve their business models, almost certainly to make it easier and quicker to extract funds from victims. Extorting victims by threatening to sell or publish stolen data is an established part of the ransomware criminal business model. Newer developments to further pressurise a victim into paying a ransom include making stolen data searchable online or threatening a distributed denial of service attack to publicly disrupt a victim’s services.
The wider cyber crime landscape is supported by online marketplaces selling compromised data and tools that enable cyber crime. Cyber tools, including ransomware, are increasingly available to a wide range of cyber criminals, alongside service providers who can provide access to online systems. This marketplace also enables criminals from other threat areas, and enables cyber criminals with only basic capabilities to cause serious harm to UK businesses and individuals.
Although young criminals are often driven by peer kudos rather than financial reward, organised cyber crime groups are motivated by profit. Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly.
Other, less sophisticated cyber threats include:
- Hacking - including of social media and email passwords
- Phishing - bogus emails asking for security information and personal details
- Malicious software – including ransomware through which criminals hijack files and hold them to ransom
- Distributed denial of service (DDOS) attacks against websites – often accompanied by extortion
Cyber attacks are financially devastating and disrupting and upsetting to people and businesses. They undermine the economic stability of the UK and cost the UK economy millions of pounds each year.
The NCA is committed to improving the UK’s resilience to cyber-attacks and improving the law enforcement response to the cyber-crime threat, by taking action against those responsible, wherever they may be located.
The Cyber Impact
The NCA is proud to be a part of The Cyber Impact, a news style programme by ITN Business which explores the rapidly evolving realm of cyber threats and their profound impact on organisations.
Paul Foster, head of the Agency’s National Cyber Crime Unit, features in the programme talking about how the NCA is targeting the highest harm cyber criminals, our work to prevent young people falling into cyber crime, plus his insights on the most prominent threats facing the UK.
Our response
Cyber crime is a global threat. Criminals and the technical infrastructure they use are often based overseas, making international collaboration essential.
We focus on critical cyber incidents as well as longer-term activity against the criminals and the enablers that make up the cybercrime business model. This approach targets the online cyber criminal ecosystem that provides products, goods and services, which make it easier for people to commit cyber crime.
We break the ecosystem down into five pillars:
- Infrastructure
- Financial Services
- Initial access & compromise
- Marketplaces & forums
- UK victims
We work closely with UK police, regional organised crime units, and partners in international law enforcement such as Europol, the FBI and the US Secret Service to share intelligence and coordinate action. We have also developed close and effective partnerships with private industry to share information and technical expertise.
Cyber Choices
As well as disrupting the current generation of cyber criminals we also want to prevent young people from slipping into cyber crime. Our Cyber Choices programme helps them make informed choices and encourages them to use their cyber skills in a legal way.
We also work with partners such as the National Cyber Security Centre and Cyber Aware to promote ways for the public and businesses to protect themselves online.
How you can help
Protect yourself by securing your accounts, data and devices:
- Protect your accounts by using a strong and different password for your email using three random words and by turning on 2-step verification. Follow Cyber Aware advice
- Protect your information when using social media
- Select online providers and retailers which offer good protection for you and your data/information
Recognise and break suspicious contacts:
- Stop and check official contact routes practices and payment details. If you have any doubts about a message, don’t use the number or address in the message, but use the details from their official website to contact the organisation directly.
Report the incident:
- If you’ve received a suspicious email, forward it to report@phishing.gov.uk
- Report suspicious text messages to 7726
- If you have fallen victim to fraud, report it to Action Fraud in England, Wales or Northern Ireland. For Scotland report to Police Scotland by calling 101.
National Cyber Security Centre guidance on Ransomware
Law enforcement does not encourage, endorse nor condone the payment of ransom demands. If you do pay the ransom:
- there is no guarantee that you will get access to your data or computer;
- your computer will still be infected;
- you will be paying criminal groups;
- you are more likely to be targeted in future.
More information is available on the NCSC website.
