00:00Secret agents from the GCHQ department tasked with stopping ransomware attacks,
00:05which is when hackers steal data, lock computer systems and demand a ransom,
00:10say they're dealing with at least one incident every day.
00:14Well, the National Cyber Security Centre is working with Marks and Spencers
00:17after its IT system was shut down earlier this year, you may remember.
00:21Well, the BBC's Panorama programme has also been told that 2025
00:24is likely to be the worst year on record for ransomware attacks.
00:29BBC Panorama's Richard Bilton has more.
00:33When the attack comes, it can be hard to spot.
00:36We've always got a handover from the night supervisor,
00:39so first thing you get out of bed in the morning, cup of tea, bang up the email.
00:43The night supervisor had sort of written on there that he'd suffered some challenges through the night
00:47with some computer systems not working quite properly.
00:52In 2023, KNP was running 500 trucks, most under the brand name Nights of Old.
00:59A ransomware gang locked their computers and stole their data.
01:04This message appeared.
01:05For now, let's keep all the tears and resentment to ourselves
01:08and try to build a constructive dialogue.
01:11The gang demanded a ransom to put things back, but KNP didn't have the money.
01:17The company went bust because the hackers had worked out an employee's password.
01:22Have you ever told them?
01:23No.
01:24Why?
01:26Would you want to know if it was you?
01:29Disruption at Mark's and Spencer's operations after a cyber attack over Easter is still continuing.
01:36It's been a summer of cyber attacks.
01:38M&S and the co-op both breached.
01:41It means high pressure in here.
01:43This is the front line.
01:45Panorama has been given access to the National Cyber Security Centre, part of GCHQ.
01:51These are spies fighting cyber gangs.
01:54It's incredibly common.
01:56I mean, we get in at least one report a day of an organisation being encrypted.
02:01There are so many attackers out there targeting organisations all the time
02:05that, you know, all you need to do is slip up once
02:07and they might find a chink that they can get in.
02:10As we stand at the moment with ransomware, are the criminals winning?
02:14I don't think I'd say the criminals are winning.
02:16They're doing well, though, aren't they?
02:17The criminals are doing well.
02:19At the end of the day, we see so many cyber attacks that aren't successful.
02:25Sadly, it isn't a surprise when one or two do get through
02:27and they create the scale of impact that we've seen.
02:31If prevention fails, another team steps in.
02:35This unit from the National Crime Agency is helping Marks and Spencer,
02:38recently four people were arrested.
02:41It's incredibly busy.
02:43The demand has increased significantly year on year.
02:46I predict it's going to be the worst year on record
02:49for ransomware attacks in the UK, for sure.
02:52Ransomware is the growing lucrative crime that threatens us all.
03:00Well, Richard Bilton joins us now.
03:03Fascinating and important investigation there.
03:06Just tell us how you got access to be able to see
03:09what exactly the security services are doing.
03:13I mean, I've been interested in ransomware for a while.
03:16And so I approached the National Cyber Security Centre last winter.
03:20But then subsequently, Marks and Spencer, the co-op,
03:24there have been these big attacks and it's brought the issue into the foreground.
03:26And I think the people in the NCSC thought, look, this is a massive threat
03:31and people need to know the scale of it.
03:33I mean, their message is quite clear.
03:36You heard it in that piece, which is, you know,
03:39we will do all that we can to provide a first layer, if you like,
03:43to make sure people are safe of ongoing attacks
03:44or try and prevent them and make the system more robust.
03:47But in the end, it's down to companies to protect themselves.
03:51Like if you had a warehouse full of goods,
03:53the police might advise you on the best way of protecting that warehouse,
03:56but ultimately it's down to you.
03:57And they think generally as a nation,
04:00and they're backed up by reports from people like the National Audit Office,
04:03as a nation, we're probably not doing enough at the moment.
04:06We need to do a lot more.
04:09And you say the nation needs to do a lot more.
04:12So how grave is the threat then?
04:16I mean, it's sort of terrifyingly real, I think.
04:19If you talk to people who know about this world,
04:21they will just casually say that we are quite near a national incident.
04:24So the National Audit Office said that the threat was severe and advancing quickly.
04:28That was their words.
04:30A parliamentary joint committee suggested that we were quite close to a catastrophic incident.
04:37I mean, under siege is a big expression, but there are attacks all the time.
04:42And so the NCSC, part of GCHQ, they're doing their job,
04:46they would say, as a sort of lair, and they say, we don't know whether this is true,
04:49but they tell us that they fend off far more than we actually see in the end.
04:54But our level in this country of cyber defence is low.
04:57We've seen very big companies like Marks & Spencer and Co-op,
05:00they have been laid low by these attacks.
05:02So 19,000 ransomware attacks on UK businesses last year.
05:07Industry sources say the average demand is about £4 million a year.
05:11Talk to people who know about this world,
05:13and they'll tell you a lot of companies pay and we never get to hear about it.
05:16They just pay and make it go away.
05:18So this is a genuine threat.
05:21And of course, all our data is wrapped up on the internet.
05:23This is not some different thing about companies that we shop in.
05:26It's about all of us.
05:27All of us hand our data over.
05:29If that company is then breached, then we're all in it.
05:32It's a really interesting subject, isn't it, Richard?
05:35Do we know more about who the hackers are?
05:38Well, we sort of do.
05:40I mean, the thing about internet hackers is you really don't know who you're dealing with.
05:43So there are a series of gangs.
05:46Akira was the gang that were in that piece that you just saw.
05:50But is that Akira?
05:51If somebody else might attack and use that name, you don't know who you're dealing with for sure.
05:54Generally speaking, what makes it hard for the security services
05:58and for the investigators is this is a threat that's overseas.
06:02Often countries like Russia or North Korea or Iran where it's very hard to reach out there.
06:10You know, these attacks take place in areas where you just can't try and prevent them.
06:14And some of those might be geopolitically orientated.
06:16So there'll be direct attacks.
06:18There has been there has been this sort of recent space of attacks and this expression scattered spiders,
06:24which people might have heard of, you know, scattered spiders is that the authorities say is a name that the media has given these people.
06:32But they represent a sort of different brand of attacker, we are told, which is English speaking, kind of people who came through gaming.
06:41So they got into gaming, cheats, worked out how to break the system and that got them in.
06:45Part of what the thing that I find amazing about hacking is it often isn't as basic as computer geeks rewriting code.
06:55We know from the M&S attack that that was effectively a blag.
06:58Somebody bluffed their way into a system, you know, pretended not about M&S, but generally the blagging works.
07:04You say, look, I forgot my password. Can you get me in?
07:06And then you get a weak link you're in and then you're in the system and you can do damage.
07:10So that is a different kind of threat.
07:12But generally the gangs are overseas and then there is this sort of new threat from from from English speaking countries.
07:18It's really fascinating. It's great to see another investigation from you on this subject.
07:22Richard, we always appreciate having you on the BBC News Channel.
07:26Well, you can watch Richard's panorama fighting cyber criminals tonight on BBC One at 8.30 p.m.
07:33if you're watching in the UK and you can watch it on the iPlayer now.
Comments