The cyber crime threat to the UK continues to evolve. The deployment of ransomware remains the greatest cyber serious and organised crime threat to the UK and its use threatens Critical National Infrastructure and poses a risk to national security. Ransomware attacks can have a significant impact on victims due to financial, data and service losses, which can lead to business closure, inaccessible public services and compromised customer data.
Russian-language criminals operating ransomware as a service continue to be responsible for most high profile cyber crime attacks against the UK. Some of these high profile Russian-language groups are known to have links with the Russian state. However, it is highly likely that in most instances these links extend only to tolerance of their activities.
These organised crime groups are becoming more capable and, in some instances, have claimed to introduce stricter controls over the activities of affiliates to improve the effectiveness of their operations. For example, some groups have taken steps to limit their exposure to law enforcement by trying to avoid targeting Critical National Infrastructure and healthcare institutions providing lifesaving medical treatment. There is no guarantee these groups will prove willing or able to enforce their own rules. The attacks against European energy companies in 2022 demonstrate that cyber criminals are still willing and capable of attacking high profile targets.
High-end cyber crime groups continue to improve their business models, almost certainly to make it easier and quicker to extract funds from victims. Extorting victims by threatening to sell or publish stolen data is an established part of the ransomware criminal business model. Newer developments to further pressurise a victim into paying a ransom include making stolen data searchable online or threatening a distributed denial of service attack to publicly disrupt a victim’s services.
Ransomware groups highly likely adapted their methods immediately after the Russian invasion of Ukraine to overcome operational disruptions, such as loss of access to Ukrainian affiliates and their skills, and difficulties in laundering criminal profits. Ransom payments were disrupted as victims were discouraged from paying criminal groups linked to the Russian state. As a result, groups used different ransomware strains, rebranded, and added new methods to pressurise victims into paying.
The wider cyber crime landscape is supported by online marketplaces selling compromised data and tools that enable cyber crime. Cyber tools, including ransomware, are increasingly available to a wide range of cyber criminals, alongside service providers who can provide access to online systems. This marketplace also enables criminals from other threat areas, and enables cyber criminals with only basic capabilities to cause serious harm to UK businesses and individuals.
Cyber criminals will almost certainly continue to exploit current events in their criminal campaigns. For example, using the cost of living issues as a lure in phishing campaigns or by targeting ransomware at sectors perceived as being under pressure. This perceived pressure can be used to compel victims to pay ransoms to restore operations quickly.
Beyond ransomware, the cyber crime threat continues to be high. UK organisations and the public face significant threats from less sophisticated cyber crime, such as distributed denial of service. Malicious emails, aimed at stealing information or encouraging victims to download malware, continue to feature regularly. The compromise of social media and personal email accounts is also a growing trend.
Protect yourself by securing your accounts, data and devices:
Recognise and break suspicious contacts:
Report the incident:
National Cyber Security Centre guidance on Ransomware
Law enforcement does not encourage, endorse nor condone the payment of ransom demands. If you do pay the ransom:
More information is available on the NCSC website.
A cyber attack on Advanced, a company providing services to health care, including some linked to the NHS 111 service, caused disruption to the NHS throughout August 2022.
Affected services included patient referrals, ambulance dispatch, out-of-hours appointment bookings, mental health services and emergency prescriptions.
This example also demonstrates how a cyber attack on a third party provider can have serious consequences beyond the immediate victim and impact customers that rely on its services.