NCSC boss: Ransomware is the biggest cyber threat facing the UK
Lindy Cameron will tell the RUSI think tank that a 'coordinated response' is needed to combat 'increasingly professional' cybercriminals
The head of the National Cyber Security Center (NCSC), Lindy Cameron, is set to say that ransomware represents the biggest threat to online security for most people and businesses in the UK, according to national news reports.
Cameron will this afternoon tell the RUSI think tank that ransomware, which sees user data stolen and locked until a ransom is paid, has become "increasingly professional".
She will warn that the primary threat facing UK citizens and businesses is "not state actors but cybercriminals" following a number of high-profile attacks in recent times, including on the NHS in 2017.
Travelex, a foreign exchange service provider, also paid $2.3m to hackers last year before it fell into administration.
"Ransomware has historically been the preserve of high-end cybercrime groups with access to advanced technical skills and capabilities based in overseas jurisdictions who turn a blind eye, or otherwise fail to act, to pursue these groups," she is expected to say.
"But the ecosystem is evolving through Ransomware as a Service, (RaaS); the business model where ransomware variants and lists of targets, credentials and other tools useful for ransomware deployment are available off the shelf for a one-off payment or a share of the profits.
"As the business model has become more and more successful, with these groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly professional."
She will call for a "coordinated" and "whole government" response to tackling ransomware threats, arguing that action must be taken to "prevent the activities of the groups behind these damaging attacks".
"And it includes seeking the strongest criminal justice outcomes for those we apprehend. There are other players with a key role such as the cyber insurance industry which has a role to play in bearing down on the payment of ransoms and cryptocurrencies entities who facilitate suspicious transactions" she will add.