Britain highly exposed to crippling ransomware attacks, says report

Dec. 13 (UPI) -- Britain could be brought to a standstill from a "catastrophic ransomware attack" due to a lack of preparedness and investment, a panel of members of Parliament and peers warned Wednesday.

The country faced a high risk of being hit "at any moment" by a cyber attack that would cripple critical national energy, water, transport and telecommunications networks, according to a report by the Joint Committee on the National Security Strategy.

The report accused the government of not making adequate investment in averting major cyberattacks and singled out the Home Office, which is responsible for policy on the issue, for not making it a priority saying former Home Secretary Suella Braverman showed zero interest.

"The U.K. has the dubious distinction of being one of the world's most cyberattacked nations. It is clear to the committee that the government's investment in and response to this threat are not equally world-beating, leaving us exposed to catastrophic costs and destabilizing political interference," said the committee's chair, Labour MP Margaret Beckett.

The report also urges the Foreign Office to look into additional sanctions against Russia after the government Thursday accused a Federal Security Service (FSB) coordinated cybercrime unit, known as Callisto, of a "sustained" cyberattack against MPs, peers, civil servants, journalists and NGOs.

British officials said the malicious attacks by the group, which also goes by other names, including Star Blizzard, specifically targeted Britain's democratic processes.

The National Cyber Security Center said the group had targeted members of Parliament from at least 2015, and officials blame it for leaking compromising U.S.-Britain trade documents ahead of elections in 2019.

The group also targeted U.S. intelligence community, departments of Defense and State staff, contractors and Department of Energy facilities.

Britain's public services have been hit by a number of large-scale ransomware attacks with at least two targeting the National Health Service, the most recent of which in 2022 saw patients' data fall into the hands of cybercriminal gangs.

In 2020, a ransomware attack on a metropolitan local authority in the northeast of the country left it unable to access its systems for almost three weeks and with an estimated repair bill of $23 million.