The National Crime Agency has urged victims of ransomware attacks in the UK not to pay up, but instead to report the crime to law enforcement.
At a briefing for journalists on Thursday, 27 June, Rob Jones, Director of the National Crime Agency, said: "It’s a matter for the victims but we don’t want that market to grow and the best way is for them to turn down the demands."
"Sometimes it’s a very small amount that is being demanded but they are targeting people across the world, so it ends up being a lot," he added.
Mr Jones said cyber crime was divided between "low-volume, high-complexity" attacks and "high-volume, low complexity" crimes.
The former were usually sophisticated attempts to target wealthy individuals or companies, while the latter were often ransomware attacks which targeted thousands of people globally and often demanded relatively small amounts of money, often in Bitcoin.
Sometimes ransomware targets people who have been accessing pornography websites and the victims pay up to avoid embarrassment.
— South West ROCU (@SWROCU) 25 June 2019
In April this year Zain Qaiser, 24, was jailed for six years for infecting millions of computers between 2012 and 2014 with ransomware. Qaiser, who was part of a group of cyber criminals, made £500,000 from the operation.
Qaiser also blackmailed advertising companies, warning one director if he refused to allow their pop-ups on a porn website: “I’ll first kill your server, then send child porn spam abuses.”
— CPS (@cpsuk) 9 April 2019
Qaiser, a former City University student in London, worked with top-level cyber criminals based in Eastern Europe.
NPCC cyber lead, Chief Constable Peter Goodman, said: “Ransomware is the most prevalent means of attack at the moment. People are unwittingly downloading malware through phishing emails or by visiting certain websites.”
He said it was relatively easy for individuals to buy malware and find stolen credentials so at to buy cryptocurrency capacity. It’s high in terms of reward and low in terms of risk.”
— NationalCrimeAgency (@NCA_UK) 21 June 2019
Banks, retailers, councils and even the taxman have demanded in recent years that customers carry out their transactions online.
Mr Jones said: "You can’t function as a citizen nowadays without being online, so everyone is a potential victim."
— Rynardt Spies (@rynardtspies) 25 March 2019
But Jones said: “Even in the digital world every contact leaves a trace” and he said the National Crime Agency, working in partnership with police forces across the UK, the National Cyber Crime Centre and partners like the FBI had managed to increase by 65 percent the number of people it had arrested for cyber crime.
— The Hacker News (@TheHackersNews) 26 June 2019
Another case which was highlighted was that of Daniel Kaye, a British national, who was jailed for 32 months in January after admitted attacking an African phone company and bringing down the entire internet in Liberia in 2016.
Detective Superintendent Andrew Gould, of the Metropolitan Palace, said the UCL Millennium Cohort Study contained some very worrying statistics.
Det Supt Gould said: "We worry about our children’s risky behaviours. We worry about under-age smoking, drinking and sex but according to the study more young people are involved in hacking than in all three activities."
He pointed out the case of Daniel Kelley, who began hacking at the age of 15, and was jailed for four years earlier this month.
Kelley, now 22, from Llanelli, Carmarthenshire, pleaded guilty to 11 charges including involvement in a malware attack where the personal data of more than 150,000 TalkTalk mobile phone network customers was stolen.
The National Crime Agency and the Metropolitan Police are about to launch a new scheme, called Cyber Choices, which will attempt to engage hackers aged between 13 and 22.
Instead of charging them with crimes, it will offer them training using Immersive Labs and seek to get them interested in a career in coding.
Mr Jones denied a journalist’s suggestion that it was tantamount to teaching a potential terrorist “how to make a bomb” and said there was a “skills shortage” in Britain and many of those who had embarked in hacking could potentially have lucrative careers in the IT industry or working on growth industries like driverless cars.