Ransomware attacks happening every day in UK, intelligence agents say | BBC News - video Dailymotion

Bbc News

#BBCNews Intelligence agents in the UK say they are dealing with at least one ransomware attack every day.   Ransomware attacks are when hackers steal data, lock computer systems and demand a ransom.   The National Cyber Security Centre is working with Marks & Spencer after its IT system was shut down earlier this year.   The BBC's Panorama programme has also been told that 2025 is likely to be the worst year on record for ransomware attacks.  Subscribe here: http://bit.ly/1rbfUog  For more news, analysis and features visit: www.bbc.com/news   #BBCNews

Transcript

00:00Secret agents from the GCHQ department tasked with stopping ransomware attacks,

00:05which is when hackers steal data, lock computer systems and demand a ransom,

00:10say they're dealing with at least one incident every day.

00:14Well, the National Cyber Security Centre is working with Marks and Spencers

00:17after its IT system was shut down earlier this year, you may remember.

00:21Well, the BBC's Panorama programme has also been told that 2025

00:24is likely to be the worst year on record for ransomware attacks.

00:29BBC Panorama's Richard Bilton has more.

00:33When the attack comes, it can be hard to spot.

00:36We've always got a handover from the night supervisor,

00:39so first thing you get out of bed in the morning, cup of tea, bang up the email.

00:43The night supervisor had sort of written on there that he'd suffered some challenges through the night

00:47with some computer systems not working quite properly.

00:52In 2023, KNP was running 500 trucks, most under the brand name Nights of Old.

00:59A ransomware gang locked their computers and stole their data.

01:04This message appeared.

01:05For now, let's keep all the tears and resentment to ourselves

01:08and try to build a constructive dialogue.

01:11The gang demanded a ransom to put things back, but KNP didn't have the money.

01:17The company went bust because the hackers had worked out an employee's password.

01:22Have you ever told them?

01:23No.

01:24Why?

01:26Would you want to know if it was you?

01:29Disruption at Mark's and Spencer's operations after a cyber attack over Easter is still continuing.

01:36It's been a summer of cyber attacks.

01:38M&S and the co-op both breached.

01:41It means high pressure in here.

01:43This is the front line.

01:45Panorama has been given access to the National Cyber Security Centre, part of GCHQ.

01:51These are spies fighting cyber gangs.

01:54It's incredibly common.

01:56I mean, we get in at least one report a day of an organisation being encrypted.

02:01There are so many attackers out there targeting organisations all the time

02:05that, you know, all you need to do is slip up once

02:07and they might find a chink that they can get in.

02:10As we stand at the moment with ransomware, are the criminals winning?

02:14I don't think I'd say the criminals are winning.

02:16They're doing well, though, aren't they?

02:17The criminals are doing well.

02:19At the end of the day, we see so many cyber attacks that aren't successful.

02:25Sadly, it isn't a surprise when one or two do get through

02:27and they create the scale of impact that we've seen.

02:31If prevention fails, another team steps in.

02:35This unit from the National Crime Agency is helping Marks and Spencer,

02:38recently four people were arrested.

02:41It's incredibly busy.

02:43The demand has increased significantly year on year.

02:46I predict it's going to be the worst year on record

02:49for ransomware attacks in the UK, for sure.

02:52Ransomware is the growing lucrative crime that threatens us all.

03:00Well, Richard Bilton joins us now.

03:03Fascinating and important investigation there.

03:06Just tell us how you got access to be able to see

03:09what exactly the security services are doing.

03:13I mean, I've been interested in ransomware for a while.

03:16And so I approached the National Cyber Security Centre last winter.

03:20But then subsequently, Marks and Spencer, the co-op,

03:24there have been these big attacks and it's brought the issue into the foreground.

03:26And I think the people in the NCSC thought, look, this is a massive threat

03:31and people need to know the scale of it.

03:33I mean, their message is quite clear.

03:36You heard it in that piece, which is, you know,

03:39we will do all that we can to provide a first layer, if you like,

03:43to make sure people are safe of ongoing attacks

03:44or try and prevent them and make the system more robust.

03:47But in the end, it's down to companies to protect themselves.

03:51Like if you had a warehouse full of goods,

03:53the police might advise you on the best way of protecting that warehouse,

03:56but ultimately it's down to you.

03:57And they think generally as a nation,

04:00and they're backed up by reports from people like the National Audit Office,

04:03as a nation, we're probably not doing enough at the moment.

04:06We need to do a lot more.

04:09And you say the nation needs to do a lot more.

04:12So how grave is the threat then?

04:16I mean, it's sort of terrifyingly real, I think.

04:19If you talk to people who know about this world,

04:21they will just casually say that we are quite near a national incident.

04:24So the National Audit Office said that the threat was severe and advancing quickly.

04:28That was their words.

04:30A parliamentary joint committee suggested that we were quite close to a catastrophic incident.

04:37I mean, under siege is a big expression, but there are attacks all the time.

04:42And so the NCSC, part of GCHQ, they're doing their job,

04:46they would say, as a sort of lair, and they say, we don't know whether this is true,

04:49but they tell us that they fend off far more than we actually see in the end.

04:54But our level in this country of cyber defence is low.

04:57We've seen very big companies like Marks & Spencer and Co-op,

05:00they have been laid low by these attacks.

05:02So 19,000 ransomware attacks on UK businesses last year.

05:07Industry sources say the average demand is about £4 million a year.

05:11Talk to people who know about this world,

05:13and they'll tell you a lot of companies pay and we never get to hear about it.

05:16They just pay and make it go away.

05:18So this is a genuine threat.

05:21And of course, all our data is wrapped up on the internet.

05:23This is not some different thing about companies that we shop in.

05:26It's about all of us.

05:27All of us hand our data over.

05:29If that company is then breached, then we're all in it.

05:32It's a really interesting subject, isn't it, Richard?

05:35Do we know more about who the hackers are?

05:38Well, we sort of do.

05:40I mean, the thing about internet hackers is you really don't know who you're dealing with.

05:43So there are a series of gangs.

05:46Akira was the gang that were in that piece that you just saw.

05:50But is that Akira?

05:51If somebody else might attack and use that name, you don't know who you're dealing with for sure.

05:54Generally speaking, what makes it hard for the security services

05:58and for the investigators is this is a threat that's overseas.

06:02Often countries like Russia or North Korea or Iran where it's very hard to reach out there.

06:10You know, these attacks take place in areas where you just can't try and prevent them.

06:14And some of those might be geopolitically orientated.

06:16So there'll be direct attacks.

06:18There has been there has been this sort of recent space of attacks and this expression scattered spiders,

06:24which people might have heard of, you know, scattered spiders is that the authorities say is a name that the media has given these people.

06:32But they represent a sort of different brand of attacker, we are told, which is English speaking, kind of people who came through gaming.

06:41So they got into gaming, cheats, worked out how to break the system and that got them in.

06:45Part of what the thing that I find amazing about hacking is it often isn't as basic as computer geeks rewriting code.

06:55We know from the M&S attack that that was effectively a blag.

06:58Somebody bluffed their way into a system, you know, pretended not about M&S, but generally the blagging works.

07:04You say, look, I forgot my password. Can you get me in?

07:06And then you get a weak link you're in and then you're in the system and you can do damage.

07:10So that is a different kind of threat.

07:12But generally the gangs are overseas and then there is this sort of new threat from from from English speaking countries.

07:18It's really fascinating. It's great to see another investigation from you on this subject.

07:22Richard, we always appreciate having you on the BBC News Channel.

07:26Well, you can watch Richard's panorama fighting cyber criminals tonight on BBC One at 8.30 p.m.

07:33if you're watching in the UK and you can watch it on the iPlayer now.

Ransomware attacks happening every day in UK, intelligence agents say | BBC News

Category

Transcript

Recommended