As cybercrime soars to new heights, experts warn of catastrophic consequences

The UK is facing a growing threat from ransomware attacks, with thousands of businesses falling victim to these devastating cyber-attacks every year. One such incident saw a 158-year-old transport company, KNP, brought to its knees by a single weak password. The company’s IT system was compromised, leading to the loss of all its data and ultimately, its demise.

According to the National Cyber Security Centre (NCSC), the UK is hit by a major ransomware attack every day. The NCSC, part of GCHQ, is working tirelessly to combat these attacks, but experts warn that the threat is growing and becoming increasingly sophisticated. “The hackers are constantly finding organisations on a bad day and then taking advantage of them,” said a NCSC operative, who wished to remain anonymous.

The NCSC’s CEO, Richard Horne, agrees that companies need to improve their cyber-security measures. “If prevention doesn’t work, another team of officers at the National Crime Agency (NCA) has the job of catching the offenders,” he said. However, the NCA’s Suzanne Grimmer warns that hacking is becoming easier, with some tactics not even requiring a computer. “These criminals are becoming far more able to access tools and services that you don’t need a specific technical skill set for,” she said.

The M&S hack, which saw customer data stolen and deliveries delayed, is just one example of the devastating impact of ransomware attacks. James Babbage, Director General (Threats) at the NCA, warns that the hackers are a younger generation, who are “getting into cybercrime probably through gaming”. “They’re recognising that their sort of skills can be used to con help desks and the like into getting them access into companies,” he said.

The NCSC has reported a significant increase in ransomware attacks over the past few years. In 2023, there were an estimated 19,000 ransomware attacks on UK businesses, with the typical ransom demand averaging around £4m. The NCSC’s Sam, a team leader, notes that the hackers are not just targeting large corporations, but also smaller businesses and even individuals. “They’re looking for any weak link, any vulnerability they can exploit,” he said.

The government has proposed banning public bodies from paying ransoms, and private companies may soon be required to report ransom attacks and obtain government permission to pay up. However, many companies are choosing not to report the crime and simply paying the criminals, according to Paul Cashmore, a cyber-specialist brought in by KNP’s insurers. “This is organised crime,” he said. “I think there is very little progress against catching the perpetrators, but it’s devastating.”

As the threat from ransomware attacks continues to grow, experts warn that companies need to take steps to secure their systems and protect themselves against these devastating cyber-attacks. “Companies need to think about cyber-security in all the decisions they make,” said Richard Horne. “It’s a national security threat in its own right, both here and throughout the world,” added James Babbage.

In a bid to combat the threat, the NCSC is working closely with the NCA and other law enforcement agencies to disrupt and dismantle ransomware gangs. The NCSC’s Jake, a night duty officer, notes that the team is making progress, but the threat is constantly evolving. “It’s a cat-and-mouse game,” he said. “We’re constantly adapting and evolving our tactics to stay ahead of the hackers.”

In the meantime, companies are being urged to take steps to protect themselves against ransomware attacks. This includes implementing robust cyber-security measures, such as firewalls and encryption, as well as training employees on how to identify and report suspicious activity. The NCSC’s Richard Horne notes that companies need to take a proactive approach to cyber-security, rather than just relying on reactive measures. “It’s a long-term game,” he said. “We need to work together to build a more secure online environment.”