British firms paid out more than £200m in ransoms to cyber criminals last year, experts reveal 

British businesses were forced to pay out more than £200 million in ransoms to cybercriminal gangs last year, it has been revealed.

High-profile companies including smartwatch maker Garmin, foreign exchange giant Travelex and the National Trust have been targeted with malicious software by hackers, many from Russia or Eastern European countries.

The hackers have then charged victims tens of millions of pounds to get their systems back up and running.

Fears of public embarrassment, fines from regulators and lost data mean firms are now showing ‘more willingness to pay the ransom’, according to the Times.

Criminals across the world have made an estimated £19 billion from the practice, which has proved so successful that job listings have even appeared on the dark web to attract recruits. 

A number of attacks across the globe, including the hit on Garmin, were reportedly carried out by a group called Evil Corp, headed by 33-year-old Russian playboy hacker Maksim Yakubets, who drives a customized £190,000 Lamborghini, complete with a number plate that says ‘thief’.

Watchmaker Garmin was a victim of an attack and ended up having to close its services for a week

MPs demand ransoms be made illegal 

Calls have been made for tougher laws against the payment of ransoms, which are legal to make unless it is known the money is for the purposes of terrorism.

MPs are  and more resources for police and security agencies, after the World Economic Forum described a ‘stunning enforcement gap’ in dealing with cybercrime.

Security specialists have warned that ransomware attacks are proving an increasingly attractive proposition for criminals due to the lucrative returns and slim chances of getting caught.

Julian Knight, Tory chairman of the digital, culture, media and sport committee, told the Times: ‘The UK has always massively under-invested in the area of tackling cybercrime, making our country a soft target. I urge extra to be spent on proper policing and our government to redouble efforts to coordinate a global response.’

Analysts add that publicity can play into the hands of criminals, as high-profile companies that fall victim to attacks may feel encouraged to pay up to avoid having their name splashed in the media.

Furthermore, insurance firms are increasingly urging clients to pay the ransom when attacked in order to regain access to files and avoid even greater costs long-term.

The downtime cost for a ransomware attack averages more than £4,277 a minute, according to consultancy firm Gartner.

The United States has put up a $5million (£3.8million) reward – the largest ever offered for a cyber-criminal – for Yakubets’ capture. 

US consultancy Emsisoft said British companies were likely hit by 5,000 ‘ransomware’ attacks last year, which resulted in estimated payments of £210m to criminals, often in the form of bitcoin and other cryptocurrencies, which can’t be traced to an individual.

The ransom figure could be even higher with many businesses reluctant to admit they had taken part, as the Emsisoft report reveals only France, Spain, Germany, Italy and the US have paid out more than Britain in ransom fees.

It comes as MPs demand tougher laws against the payment of ransoms, which are legal to make unless it is known the money is for the purposes of terrorism, and more resources for police and security agencies, after the World Economic Forum described a ‘stunning enforcement gap’ in dealing with cybercrime.

Former cabinet minister David Davis told the Times: ‘It should be illegal. Companies are just being irresponsible in paying these people off.’

The National Crime Agency added that a decision ultimately lies with the victim but said it encourages industry and the public not to pay up.  

Recent victims of hacking include 33 British universities and dozens of charities such as the National Trust, who were hit by an attack on Blackbaud, a software provider they all used. 

Garmin was also a victim, and ended up having to close its services for a week, as was Travelex which had to use pen and paper when serving customers.

Blackbaud, Garmin and Travelex are all believed to have paid ransoms to regain access to networks.  

Brett Callow, a threat analyst for Emsisoft, said: ‘The groups are successfully hunting ever bigger game. Organisations paid about $25 billion in ransom demands in 2019, which means the groups have no shortage of money to invest in ramping up their operations in terms of scale and sophistication.’

Recent victims of hacking include dozens of charities such as the National Trust (Knole house in Kent, pictured), who were hit by an attack on Blackbaud, a software provider they all used

Travelex had to use pen and paper when serving customers after being targeted by hackers

Who are Russian cybercriminal group Evil Corp?

Evil Corp is a Russia-based cybercriminal organization that is believed to be responsible for the ransomware attack against Garmin.

The group is known for the development and distribution of the Dridex malware, which steals confidential information, including online banking credentials, from infected computers.

In 2016, it was estimated the group had managed to obtain banking credentials from customers at more than 300 banks and financial institutions in more than 40 countries, earning them at least $100 million.

Evil Corp operates as a business run by a group of individuals based in Moscow, Russia.

In December 2019, the Department of State announced a $5 million reward for information leading to the capture of its leader, Maksim Yakubets, who is thought to be responsible for managing and supervising the group’s malicious cyber activities.

The NCA, Metropolitan Police and National Cyber Security Centre, working alongside the US Justice Department and FBI, have spent five years investigating Evil Corp, which is said to pose the ‘most significant cyber-crime threat to the UK’.

According to investigators, Evil Corp has targeted the UK for a decade. It uses several types of rogue software that have intercepted bank transfers from the public and hundreds of businesses including schools and religious organisations.

Yakubets is alleged to have run the operation since May 2009 from the basements of Moscow cafes. 

He is said to have employed dozens of people to steal money from victims in 43 countries using computer viruses that are designed to target only victims outside Russia. 

The ‘malware’ is downloaded when a victim clicks on an email attachment. It remains hidden on their computer to harvest their personal and financial data such as online banking details – which is subsequently used to drain their accounts.

Operating online under the name Aqua, the hacker and his associates are accused of stealing at least £76million. 

US treasury officials also say Yakubets has provided ‘direct assistance to the Russian government’ by acquiring confidential documents for the FSB. 

He was also said to be part of a scheme in which Russian intelligence agencies recruit criminals to hack national security targets.

The Information Commissioner’s Office said this week ‘multiple’ organisations in the UK had been hit.

A spokeswoman said: ‘People have the right to expect that organisations will handle their personal information securely and responsibly. If an individual has concerns about how their data has been handled, they should raise it with the organisation first then report them to us if they are not satisfied with the response.’