British signals intelligence agency GCHQ is looking at deploying military hackers from the UK’s new National Cyber Force to “go after” ransomware gangs, the agency’s director has revealed.
The number of ransomware attacks — in which hackers seize a company’s systems or data and will release them only when a ransom is paid — has doubled across the UK in 2021 compared with last year, Sir Jeremy Fleming warned.
“The reason it is proliferating is because it works . . . criminals are making very good money from it and are often feeling that [it’s] largely uncontested,” he said, adding that the British public were more likely to be the victims of cyber crime than any other crime. Ransomware has boomed during the Covid-19 pandemic as remote working increased companies’ vulnerabilities to hackers.
The GCHQ director, who was addressing the US Cipher Brief threat conference via video link on Monday, said that one way of targeting groups which were beyond the reach of police and prosecutors would be through what he called “the pointy end of the spear”, involving offensive cyber campaigns.
While the details of such operations are top secret, they typically involve actions such as blocking adversaries’ phone signals or disrupting their servers. Last year the UK announced the creation of the National Cyber Force, run jointly by intelligence agencies and the military, which will sharpen Britain’s cyber warfare capabilities.
Discussing how the NCF could be used against ransomware gangs, Fleming said: “I’m pretty clear from an international law perspective and certainly from our domestic law perspective you can go after [criminal actors].”
The White House is leading international action on ransomware after a series of disabling attacks, including one earlier this year on the Colonial Pipeline, a petroleum artery supplying America’s East Coast. A coalition of more than 30 countries including the US, India, Australia, the UK, Germany, Ukraine and Estonia met virtually this month to co-ordinate their responses towards hacking gangs, which originate predominately in Russia and China.
Fleming emphasised that combating ransomware involved calling out the links between states and criminal networks. “We’ve got to sort out ransomware and that is no mean feat in itself, we have to be clear on the red lines and behaviours that we want to see, we’ve got to go after those links between criminal actors and state actors and impose costs where we see that,” he told the conference.
At a summit in Geneva this summer, US president Joe Biden warned his Russian counterpart Vladimir Putin that the US would “respond with cyber” if Russian state or Russian-based hackers targeted critical US infrastructure. Anne Neuberger, deputy national security adviser to the White House on cyber threats, told the Financial Times this month that the US was “looking to see near-term progress in actions” after sharing information with Moscow on ransomware gangs operating in Russia.
Emily Taylor, an expert in cyber and international security at the Chatham House think-tank, expressed concern that deploying the NCF against ransomware gangs might risk escalation, “and a descent into tit-for-tat approaches rather than fixing the systemic problem, which is a lack of a workable international criminal justice system [for cyber]”.
Taylor also expressed some doubts that Russia would respond to being publicly castigated for allowing hacking gangs to flourish and proliferate. “Russia is a state that is viewed as allowing its territory to become a safe harbour for organised criminal cyber gangs,” she said. “We have seen states calling out those links and routine denials by Russia. Naming and shaming only works if the state cares about its place in the international community.”