Ransomware is growing at an alarming rate, warns GCHQ chief

Cyber-criminal gangs are looking to 'exploit the accelerations in connectivity and poor cybersecurity,' warns GCHQ director Jeremy Fleming.

Why is ransomware such a big threat and how do you defend your network against it?

The scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cybersecurity to maximise profit, the director of GCHQ has warned.

Organisations and their employees have been forced to adapt to different ways of working over the past year, with many now even more reliant on remote services and online collaboration platforms.

But while the increased use of digital technology has provided people with many benefits, it is also benefiting cyber criminals who are able to exploit it for their own gain.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

"Our reliance on technology to stay close to loved ones, enable different ways of working and access crucial services has dramatically increased. Most of this has been to our benefit. But it's benefited our foes too as they exploit the accelerations in connectivity and poor cybersecurity," said Jeremy Fleming, director of GCHQ, the UK's intelligence and cyber agency.

Delivering this year's Imperial College Vincent Briscoe Annual Security Lecture, Fleming warned how hostile nation states are looking to exploit the digital realm to conduct cyberattacks – including attempts to steal coronavirus research and exploit supply chains with malware and phishing attacks.

But cyber-criminal gangs also represent a major threat and Fleming warned that ransomware in particular represents a cybersecurity danger for organisations of all kinds.

"We've seen ransomware become a serious threat, both in terms of scale and severity. Increasingly, it targets crucial providers of public services, as well as businesses, as criminals play on our dependence on tech," he said.

Ransomware attacks involve cyber-criminal groups infiltrating networks and locking files and servers with encryption then demanding a ransom of millions of dollars – often in Bitcoin – for the decryption key to return the files.

The rise in remote working has provided cyber criminals with additional avenues to gain initial access to networks as they exploit remote desktop services and VPNs, often secured with common or default passwords, while the nature of remote work means it's more difficult for information security teams to differentiate legitimate behaviour from potentially suspicious activity.

That's led to a rise in ransomware attacks against organisations in all sectors – and the attacks remain successful because there's a significant percentage of victims who'll pay the ransom of millions in order to retrieve their files.

"It has resulted in serious disruptions to education, health and local authorities, caused huge losses for unprepared businesses and has rapidly become a significant threat to our supply chains," said Fleming

"There's a whole other lecture here about the need for concerted action to address this trend – but for now, all I'd say is that it's growing at an alarming rate".

SEE: Hackers are actively targeting flaws in these VPN devices. Here's what you need to do

While ransomware is a growing threat to organisations, there are cybersecurity procedures that can help make networks more reliant against attacks.

They include avoiding the use of default login credentials while also adding two-factor authentication to help secure user accounts.

Organisations should also apply security patches and updates as soon as possible after they're released, to stop cyber criminals being able to exploit known vulnerabilities as part of attacks.

MORE ON CYBERSECURITY