Security Think Tank: Banning ransomware payments is not so straightforward

I can understand why Ciaran Martin has taken the position of advocating for legal controls on ransomware payments, and the logic behind this proposal is simple: criminal gangs are a business, using ransomware attacks to generate revenue. Like any business, they operate on the principle of return on investment (RoI). So, if ransomware attacks consistently yield no returns, the activity is not profitable and those engaging in it will move on to something else.

Not to mention, ransomware gangs are only getting greedier. It wasn’t so long ago that there seemed to be almost a sense of honour among them. Several prominent gangs publicly pledged not to attack healthcare organisations, for example. However, an advisory notice for US hospitals highlights that this was a temporary truce at best, warning that ransomware gangs are specifically targeting US hospitals.

Organisations that pay the ransom are also likely to be targeted again. Estimates from the NCSC suggest that around one-third of all organisations affected by ransomware are attacked again, with some experiencing multiple attacks in a year.  

And finally, there’s no guarantee that paying the ransom will even get you your files back. Firstly, the criminals might not play fair. Secondly, they might choose to double or even triple dip on the ransom – you might have to pay to have your files decrypted, pay not to have your files released on the dark web, and even pay for the criminals not to tell your regulator or the Information Commissioner’s Office (ICO) about your breach.

Those are some of the arguments for not paying. However, the issue is not that straightforward. Imagine a scenario where your company is under a ransomware attack, facing an existential threat. The dilemma becomes whether to pay up or refuse payment, risking the closure of the business and loss of jobs. Even if the attack might not directly finish off your organisation, the time it might take to recover could do so. Look at the example of the British Library – they were successfully attacked in October 2023, and as of March 2024 they are still not back to a full service – access to many of their online services is limited, and they estimate that it could take up to 12 months to recover fully.

There are also practicalities to consider. If ransom payments were criminalised, it might discourage organisations from reporting these incidents, driving the practice further underground and making it more challenging for law enforcement to track and address. Just as individuals are encouraged to report social engineering attacks they encounter, companies must also feel safe to report ransomware incidents without fear of penalisation.

Both the NCSC and the ICO currently ask that even if you’re going to pay the ransom, you keep them informed, especially by sharing information about indicators of compromise (IoCs) or how the attack succeeded. One of the few good things that has come out of the British Library attack is an in-depth report on how they were attacked, which can only help organisations in the future.

How can we effectively reduce the number of ransomware attacks? The truth is, as humans, we are prone to errors, which can be exploited by cyber criminals. While security training can minimise these mistakes by encouraging individuals to be more cautious, human error can never be eliminated.

A more sustainable approach is to focus on a multi-layered defence, emphasising security in design and hygiene practices. This involves integrating security measures into every level of an organisation’s operations, making it more difficult for cyber criminals to exploit vulnerabilities.

Network design principles such as zero-trust should be incorporated to allow for quick isolation of infected machines and to limit and contain the spread of ransomware and other malware internally. Artificial intelligence (AI) could also play a role in bolstering cyber security. For instance, anomaly detection based on behavioural patterns would enable systems to quickly identify and isolate unusual behaviour. IBM’s X-Force report from 2023 suggested that machine learning algorithms had up to an 85% success rate in identifying ransomware attacks by analysing network traffic patterns. By quickly identifying and responding to unusual activities, such as the sudden encryption of large amounts of data, the impact of a ransomware attack can be more effectively mitigated.
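The "sudden encryption of large amounts of data" signal the paragraph mentions can be illustrated with a small rule-based detector. The code below is an added example for this post, not the article's own work and not drawn from IBM X-Force or any product the article names; the hostname, process names, file paths, the ".locked" extension and the file contents are all constructed for the example. It scores each file write by the Shannon entropy of the bytes written (encrypted or compressed data sits close to 8 bits per byte, ordinary documents far below) and by whether the file was renamed to a new extension, then raises one alert per host/process pair that produces a burst of such writes inside a short sliding window.

```python
"""Toy ransomware-burst detector: flags a process that rewrites many files with
high-entropy (encrypted-looking) content, or renames them to a new extension,
within a short window. All events below are constructed, not real telemetry."""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import log2

WINDOW = timedelta(seconds=10)   # sliding window per (host, process)
BURST_THRESHOLD = 5              # suspicious writes inside WINDOW before alerting
ENTROPY_THRESHOLD = 7.0          # bits per byte; encrypted/compressed data sits near 8


@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    host: str
    process: str
    path: str
    payload: bytes       # bytes written (a real sensor would sample the file head)
    ext_changed: bool    # the file was renamed to a different extension


@dataclass
class Alert:
    host: str
    process: str
    count: int
    first_ts: datetime
    last_ts: datetime
    paths: list


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())


def is_suspicious(ev: FileEvent) -> bool:
    """A single write is suspicious if it looks encrypted or renamed the file's extension."""
    return ev.ext_changed or shannon_entropy(ev.payload) >= ENTROPY_THRESHOLD


def detect_bursts(events):
    """Return one Alert per (host, process) whose suspicious writes reach
    BURST_THRESHOLD inside WINDOW. Events may be supplied out of order."""
    recent = defaultdict(deque)   # (host, process) -> suspicious events still in the window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if not is_suspicious(ev):
            continue
        key = (ev.host, ev.process)
        dq = recent[key]
        dq.append(ev)
        while ev.ts - dq[0].ts > WINDOW:   # drop events that have aged out of the window
            dq.popleft()
        if len(dq) >= BURST_THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append(Alert(ev.host, ev.process, len(dq), dq[0].ts, ev.ts,
                                [e.path for e in dq]))
    return alerts


# --- constructed sample telemetry (hostname, processes, paths, contents are made up) ---
T0 = datetime(2024, 3, 1, 9, 0, 0)
TEXT = b"Quarterly figures, draft three. Please review before Friday.\n" * 4
ENCRYPTED_LOOKING = bytes(range(256))   # stands in for ciphertext: entropy exactly 8.0


def sample_events():
    evs = []
    # 1) a user editing documents: low entropy, extension unchanged -> benign
    for i in range(3):
        evs.append(FileEvent(T0 + timedelta(seconds=30 * i), "ws-finance-07", "winword.exe",
                             f"C:\\Users\\alice\\Documents\\report{i}.docx", TEXT, False))
    # 2) a backup job writing two archives: high entropy, but only two files -> no burst
    for i in range(2):
        evs.append(FileEvent(T0 + timedelta(minutes=5, seconds=i), "ws-finance-07", "backup.exe",
                             f"D:\\backups\\part{i}.zip", ENCRYPTED_LOOKING, False))
    # 3) a constructed encryptor rewriting eight files in eight seconds with a new extension
    for i in range(8):
        evs.append(FileEvent(T0 + timedelta(minutes=10, seconds=i), "ws-finance-07", "updater.exe",
                             f"C:\\Users\\alice\\Documents\\file{i}.xlsx.locked",
                             ENCRYPTED_LOOKING, True))
    return evs


if __name__ == "__main__":
    for a in detect_bursts(sample_events()):
        print(f"ALERT {a.host} {a.process}: {a.count} suspicious writes "
              f"between {a.first_ts:%H:%M:%S} and {a.last_ts:%H:%M:%S}")
```

Run stand-alone, the script reports a single alert for the constructed "updater.exe" burst and nothing for the editor or the backup job. The two thresholds are the tuning knobs: backup, compression and disk-encryption tools legitimately produce high-entropy writes, so the count-within-window test is what keeps them out of the alert stream, and in a zero-trust design the alert would feed the host-isolation step the paragraph describes rather than only a dashboard.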

In essence, the key to addressing ransomware attacks might not lie solely in banning payments. Instead, a combination of strategies, including robust security measures, transparency, continuous education, and leveraging AI technology, could be a more effective way forward.

John Scott is lead cyber security researcher at