
BBC's Panorama takes a look at the threat of ransomware on businesses


On July 21, BBC One aired Panorama: Fighting Cyber Criminals, a show which lifted the lid on ransomware. In this blog, we take a look at what they covered and link to the show via BBC iPlayer.

No journalists or film crews had been allowed to film inside the National Cyber Security Centre, but the BBC, although heavily supervised, were granted permission to talk to the secret agents fighting ransomware.


With cyber attacks prominent in UK news headlines since Easter, following the high-profile attacks on Marks & Spencer and the Co-op, the BBC talked to those who are fighting cyber crime.


Richard Horne, CEO of the NCSC, said, “We’ve seen the tide of cyber attacks rising over many years, so it’s really important for us to get the message out there. We can’t solve cyber security for the nation; we need organisations to take the steps they need to take to secure their systems to secure their businesses”.


On the topic of ransomware, Jamie MacColl from the Royal United Services Institute said, “Attackers don’t need every victim to pay, they just need some of them to pay. It’s kind of like a criminal walking down the street and checking car doors to see which ones happen to be unlocked rather than only looking for Bentleys and BMWs”, highlighting the fact that cyber criminals are not just interested in the big names and every business is a target.


M&S’s online store was closed for 7 weeks after the recent attack, costing the company £300m in lost profits. But the BBC then pointed out that what people don’t necessarily know is that the attacks impact businesses further down the chain. The Black Farmer in Brixton, London, supplied both M&S and the Co-op with its products. With a distributor also being attacked at the same time, they lost hundreds and thousands of pounds in revenue, a lot of money for a small business.


The BBC were also granted access to the headquarters of the National Crime Agency, the agency investigating the M&S attack.


James Babbage, Director General (Threats) at the NCA, said, “We’re seeing cyber criminals – generally actually quite young, teenagers, early 20s – getting into cyber crime, probably through gaming. They’re recognising that their deception skills can be used to con helpdesks and the like into getting access into companies. It’s about convincing a helpdesk that they are an administrator or employee in a company”.


And once they’re in, criminals can use ransom software they have bought online to steal data and lock computer systems.


There were an estimated 19,000 ransomware attacks on UK businesses last year, with the typical ransomware demand around the £4m mark.


The hackers are sometimes stopped, but the threat is constant, and the hackers aren’t always doing anything different – they’re just hitting businesses on a bad day and taking advantage of them.


Easy-to-guess passwords and out-of-date technology and software make it simpler for hackers to get in.


Mr Horne continued: “We’ve seen a wave of cyber attacks over the last few years that has been steadily growing. We see so many cyber attacks that aren’t successful, sadly it isn’t a surprise when one or two get through and create the scale of impact we’ve seen recently”.



One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work back in 2023.


KNP - a Northamptonshire transport company - is just one of tens of thousands of UK businesses that have been hit by such attacks.


In KNP's case, it's thought the hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems.


The company said its IT complied with industry standards and it had taken out insurance against cyber-attack.


But a gang of hackers, known as Akira, got into the system, leaving staff unable to access any of the data needed to run the business. The only way to get the data back, said the hackers, was to pay.


The hackers didn't name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as £5m. KNP didn't have that kind of money. In the end all the data was lost, and the company went bust... and all because a criminal guessed a password.



In the case of South Staffordshire Water, a Ukrainian ransomware threat actor claimed they had infiltrated the company's systems and would pollute a local reservoir, which the community relies on, to deadly levels if the company didn’t pay up.


The water company claims they did not pay the ransom and said they increased their cyber security levels as a result of the attack.


The National Cyber Security Centre offers free security advice and guidance to UK businesses, and we are aligned with them; all our advice and guidance adheres to theirs.


The NCSC has issued 200,000 certifications to businesses under its Cyber Essentials scheme, but 5 million UK companies are yet to sign up.


NCSC CEO Richard Horne concluded, “We’re focused on how we can raise the defences of organisations. At the end of the day that’s the best disruption, just make it hard for them and they will move on. So raising the level of defences and the level of resilience across our society is paramount”.


You can watch the whole 30-minute program via BBC iPlayer here: Panorama - BBC iPlayer


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
