Security Think Tank: Approaches to ransomware need a course correction



Back in 2015, my team and I were speaking at the government’s […] event in Farnborough. We had an interesting conversation with a visitor from the Home Office about the continuing legality of paying […] fines and indeed, at the time, that there was little or no guidance from the government.

That was in stark contrast to the guidelines on paying physical ransoms, which were then and still are that payment is ********.

This seemed illogical to us as we spend time talking about the interconnectedness of everything ([…]) and the impact of malware of all kinds on business ecosystems, society and the wellness of people. How then, could it be ******** to pay or insure against a ransom situation?

The government at the time was busy tightening insurance loopholes on human ransom, but it remained perfectly legal to pay a cyber ransom, to effectively fund ********** who are engaged in the business of syphoning money from legitimate businesses, public bodies, and even charities in the most cynical manner, who use that money to build even more effective ransomware in order to ******* everyone even more effectively. And so the cycle continues.

If you are not sure about that statement then look at the rise in the average price of a ransom over the last 10 years and you will see that these ********** have worked out their business plans meticulously and are able to target large civic centres of population, impacting public services and big businesses to extract much higher ransoms than the humble beginnings of trying to extort individuals. Ransom gangs have honed their software, their delivery and their targets for maximum pay-out.

Interestingly, the primary ******* vector ******** […]. We have come a long way from […] that promised love and attention 24 years ago, but in another way, we haven’t. We are vulnerable to the majority of ransomware because of this delivery method that has been so successful for such a long time. Surely, this level of carelessness would not be tolerated in physical ransom? A lack of training or awareness be allowed to continue? Ransom seen merely as a cost of doing business?

Of course not, but we are talking about a type of ****** that we, as a society, have struggled with for a while now. And a ****** that has somehow become viewed as semi-legitimate and a valid cost of doing business. This is perhaps in part due to the language used. Maybe it's time to readdress that and stop calling it ransomware and start calling it blackmail and extortion, which is what it really is.

We not only need to think about the legality of paying digital ransoms but also how we legislate and punish those who carry it out. The gangs are making such vast sums of money, we are entering a ******* of great risk in my opinion as the bad guys are now often much better funded than the good guys. How we course correct now needs vision, commitment and knowledge.

 




