Lindy Cameron said her agency, an arm of GCHQ, and the National Crime Agency had assessed that cyber criminals based in Russia, and its neighbours, were responsible for the most of the "devastating" ransomware attacks against the UK.
She said these types of attack posed a threat to everyone from major companies to local councils and schools.
Speaking at a Chatham House Cyber conference, Ms Cameron warned that not enough organisations were prepared for the threat or tested their cyber defences.
Increasingly in recent cases, criminal gangs have also threatened to release some of the data they have access to publicly.
Hackney Borough Council was hit by one attack which led to significant disruption to services and IT systems going down for months.
Ireland's Health Service Executive also suffered a significant attack this year, leading to months of disrupted appointments and services.
Ransomware has risen up the agenda in recent months, particularly the United States where an attack on the company Colonial Pipeline led to fuel shortages on the east coast.
President Biden warned President Vladimir Putin about activity that came from gangs within Russia.
There had been some signs that Russian-linked activity dipped over the summer but cyber-security experts believe much of that may be to do with the hackers taking their summer holiday rather than any fundamental shift away from what has been a highly-lucrative business model.
Ms Cameron said that ransomware would continue to be attractive while organisations remained vulnerable and were willing to pay. She said the government had been clear that paying ransoms simply emboldened criminal groups.
As well as improving its defences, she also said the UK would aim to deliver a "sustained, proactive" campaign to disrupt those harming the UK, including ransomware gangs.
This would include a range of techniques including the newly established National Cyber Force which can carry offensive hacking operations.
In a wide-ranging speech, Ms Cameron, who has served just over a year as head of the NCSC, said the pandemic continued to cast a shadow over cyber-security and was likely to do so for years to come.
"Malicious actors continue to try and access Covid related information, whether that is data on new variants or vaccine procurement plans," she said.
"Some groups may also seek to use this information to undermine public trust in government responses to the pandemic. And criminals are now regularly using Covid-themed attacks as a way of scamming the public."
She also made reference to the recent revelations about the Pegasus spyware sold by the company NSO Group, saying that the NCSC has raised a "red flag" about the growing commercial market for sophisticated products which can be used to hack into people's phones and carry out surveillance.
Last week a UK court ruling found that NSO spyware had been used to hack into the phones of the ex-wife of Dubai's ruler.
"We need to avoid a marketplace for vulnerabilities and exploits developing that makes us all less safe," she said.
She warned of the dangers of "authoritarian states like China" having the ability to influence the standards of new technology in a way that undermines the UK's security. She said the UK needed to be "clear eyed" and protect itself "against Chinese practices that have an adverse effect on our own prosperity and security".