Banning Ransom Payments Calls Grow to Figure Out Approach
p
Fraud Management Cybercrime
Ransomware
ppHow might banning ransomware victims from paying a ransom to their attacker work in practiceppSee Also Webinar JustInTime Access Reducing Risks and Improving VelocityppAs ransomware groups are causing massive damage and disruption and showing no signs of stopping Ciaran Martin the former head of Britains National Cyber Security Center said its time to figure out how to make a ransomware payments ban workppWriting in a recent London Times oped he emphasized that while governments need to start finding answers to this question bans shouldnt be immediate Note I said how to make a ban work said Martin whos now a professor of practice at Oxford University Were not ready for one tomorrow But were not trying to get ready eitherppHe isnt alone in saying tough questions need to be asked about how to make ransom bans work in practice Such calls have become more urgent as ransomware groups continue to disrupt everything from energy delivery and government services to childrens hospitals and access to essential medicationppRansomware is getting worse not just in the number of attacks but in the aggressive nature of the attacks and the groups behind them said Allan Liska a ransomware researcher at Recorded Future What we are doing simply isnt workingppEstimates of how many victims pay a ransom vary In late 2022 cybersecurity firm Proofpoint reported that 58 of organizations infected by ransomware paid a ransom For the last three months of 2023 ransomware incident response firm Coveware reported seeing an average of 29 of victims pay while cyber insurer Corvus claims data put the figure at 27ppWestern governments have been devoting greater resources to improving domestic organizations resilience to make them tougher to hack Governments have also been bolstering and coordinating international law enforcement resources leading to notable infiltrations and disruptions including those of Hive in January 2023 AlphvBlackCat last December and in recent weeks LockBitppEven so ransomware groups last year amassed more known victims than ever before while receiving recordbreaking cryptocurrency ransom payments totaling at least 11 billion according to blockchain analytics firm ChainalysisppIn January Liska began calling for a ransom ban A ban on ransom payments will be painful and if history is any guide will likely lead to a shortterm increase in ransomware attacks but it seems like this is the only solution that has a chance of longterm success at this point he said That is unfortunate but it is the reality we faceppBanning ransoms would likely incentivize criminals to pursue other less disruptive strategies said Brett Callow a threat analyst with EmsisoftppFor as long as ransomware payments remain lawful cybercriminals will do whatever it takes to collect them he said The only solution is to financially disincentivize attacks by completely prohibiting the payment of demands At this point a ban is the only approach that is likely to workppChallenges remain While the state governments of North Carolina and Florida have banned public entities from paying a ransom experts say those entities havent seen a decrease in the volume of ransomware targeting themppIn 2021 the Institute for Security and Technology launched a Ransomware Task Force to better coordinate the public and private approach to combating ransomware and it released a pivotal report outlining key strategies While all of its working groups considered banning ransoms none recommended it citing concerns about widespread poor resilience They also predicted a ban would reduce information sharing with law enforcementppThe question of banning ransoms was the focus of a Ransomware Task Force panel hosted last month see Ransomware Experts See Problems With Banning Ransom PaymentsppThere is so much work to do before we get to a ban said panelist Sezaneh Seymour head of regulatory risk and policy at cyber insurer Coalition who previously served on the US National Security CouncilppEnforcement remains another question and experts are raising concerns that businesses would go underground to evade a ban or potentially use an offshore entity Seymour said if US businesses face clear obligations they will comply Businesses tend to be quite careful about wanting to comply because they are worried about the sanctions she said The real concern then becomes What are the second and thirdorder effects of those policiesppArticulating how a ban might work seems a crucial next step to addressing such concernsppThe Institute for Security and Technology says the eight cochairs of its Ransomware Task Force have developed a phased approach to potentially reach payment prohibition with 15 milestones marking progress in ecosystem preparedness deterrence disruption and response The RTF hasnt released those milestones yet but tells me it hopes to do so this springppOne continuing challenge with ransomware is that we still dont know how bad it is The quantity of victims often is counted based on the data leak sites run by ransomware groups which only list a subset of nonpaying victims Compare that to the international Hive ransomware sting that found only 20 of the groups victims reported the crime to law enforcement the FBI saidppSince criminals too often continue to control the narrative and prefer to obscure the problem Bill Siegel the CEO of ransomware incident response firm Coveware called for much greater information sharing by victims saying on the RTF panel that law enforcement and policymakers need the best possible intelligence for crafting effective policies to combat ransomware Sunlight is the best disinfectant he said This needs to be dragged out in the open and discussedppExecutive Editor DataBreachToday Europe ISMGppSchwartz is an awardwinning journalist with two decades of experience in magazines newspapers and electronic media He has covered the information security and privacy sector throughout his career Before joining Information Security Media Group in 2014 where he now serves as the executive editor DataBreachToday and for European news coverage Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading among other publications He lives in Scotlandpp
ppCovering topics in risk management compliance fraud and information securityppBy submitting this form you agree to our Privacy GDPR StatementppwhitepaperppwhitepaperppwhitepaperppEndpoint SecurityppCyberwarfare NationState AttacksppCybercrimeppData Masking Information ArchivingppCybercrimeppContinue ppWas added to your briefcaseppBanning Ransom Payments Calls Grow to Figure Out ApproachppBanning Ransom Payments Calls Grow to Figure Out Approachpp
Just to prove you are a human please solve the equation
ppSign in now ppNeed help registering
Contact support
ppComplete your profile and stay up to dateppContact Support ppCreate an ISMG account now ppCreate an ISMG account now ppNeed help registering
Contact support
ppSign in now ppNeed help registering
Contact support
ppSign in now ppOur website uses cookies Cookies enable us to provide the best experience possible and help us understand how visitors use our website By browsing bankinfosecuritycom you agree to our use of cookiesp
Fraud Management Cybercrime
Ransomware
ppHow might banning ransomware victims from paying a ransom to their attacker work in practiceppSee Also Webinar JustInTime Access Reducing Risks and Improving VelocityppAs ransomware groups are causing massive damage and disruption and showing no signs of stopping Ciaran Martin the former head of Britains National Cyber Security Center said its time to figure out how to make a ransomware payments ban workppWriting in a recent London Times oped he emphasized that while governments need to start finding answers to this question bans shouldnt be immediate Note I said how to make a ban work said Martin whos now a professor of practice at Oxford University Were not ready for one tomorrow But were not trying to get ready eitherppHe isnt alone in saying tough questions need to be asked about how to make ransom bans work in practice Such calls have become more urgent as ransomware groups continue to disrupt everything from energy delivery and government services to childrens hospitals and access to essential medicationppRansomware is getting worse not just in the number of attacks but in the aggressive nature of the attacks and the groups behind them said Allan Liska a ransomware researcher at Recorded Future What we are doing simply isnt workingppEstimates of how many victims pay a ransom vary In late 2022 cybersecurity firm Proofpoint reported that 58 of organizations infected by ransomware paid a ransom For the last three months of 2023 ransomware incident response firm Coveware reported seeing an average of 29 of victims pay while cyber insurer Corvus claims data put the figure at 27ppWestern governments have been devoting greater resources to improving domestic organizations resilience to make them tougher to hack Governments have also been bolstering and coordinating international law enforcement resources leading to notable infiltrations and disruptions including those of Hive in January 2023 AlphvBlackCat last December and in recent weeks LockBitppEven so ransomware groups last year amassed more known victims than ever before while receiving recordbreaking cryptocurrency ransom payments totaling at least 11 billion according to blockchain analytics firm ChainalysisppIn January Liska began calling for a ransom ban A ban on ransom payments will be painful and if history is any guide will likely lead to a shortterm increase in ransomware attacks but it seems like this is the only solution that has a chance of longterm success at this point he said That is unfortunate but it is the reality we faceppBanning ransoms would likely incentivize criminals to pursue other less disruptive strategies said Brett Callow a threat analyst with EmsisoftppFor as long as ransomware payments remain lawful cybercriminals will do whatever it takes to collect them he said The only solution is to financially disincentivize attacks by completely prohibiting the payment of demands At this point a ban is the only approach that is likely to workppChallenges remain While the state governments of North Carolina and Florida have banned public entities from paying a ransom experts say those entities havent seen a decrease in the volume of ransomware targeting themppIn 2021 the Institute for Security and Technology launched a Ransomware Task Force to better coordinate the public and private approach to combating ransomware and it released a pivotal report outlining key strategies While all of its working groups considered banning ransoms none recommended it citing concerns about widespread poor resilience They also predicted a ban would reduce information sharing with law enforcementppThe question of banning ransoms was the focus of a Ransomware Task Force panel hosted last month see Ransomware Experts See Problems With Banning Ransom PaymentsppThere is so much work to do before we get to a ban said panelist Sezaneh Seymour head of regulatory risk and policy at cyber insurer Coalition who previously served on the US National Security CouncilppEnforcement remains another question and experts are raising concerns that businesses would go underground to evade a ban or potentially use an offshore entity Seymour said if US businesses face clear obligations they will comply Businesses tend to be quite careful about wanting to comply because they are worried about the sanctions she said The real concern then becomes What are the second and thirdorder effects of those policiesppArticulating how a ban might work seems a crucial next step to addressing such concernsppThe Institute for Security and Technology says the eight cochairs of its Ransomware Task Force have developed a phased approach to potentially reach payment prohibition with 15 milestones marking progress in ecosystem preparedness deterrence disruption and response The RTF hasnt released those milestones yet but tells me it hopes to do so this springppOne continuing challenge with ransomware is that we still dont know how bad it is The quantity of victims often is counted based on the data leak sites run by ransomware groups which only list a subset of nonpaying victims Compare that to the international Hive ransomware sting that found only 20 of the groups victims reported the crime to law enforcement the FBI saidppSince criminals too often continue to control the narrative and prefer to obscure the problem Bill Siegel the CEO of ransomware incident response firm Coveware called for much greater information sharing by victims saying on the RTF panel that law enforcement and policymakers need the best possible intelligence for crafting effective policies to combat ransomware Sunlight is the best disinfectant he said This needs to be dragged out in the open and discussedppExecutive Editor DataBreachToday Europe ISMGppSchwartz is an awardwinning journalist with two decades of experience in magazines newspapers and electronic media He has covered the information security and privacy sector throughout his career Before joining Information Security Media Group in 2014 where he now serves as the executive editor DataBreachToday and for European news coverage Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading among other publications He lives in Scotlandpp
ppCovering topics in risk management compliance fraud and information securityppBy submitting this form you agree to our Privacy GDPR StatementppwhitepaperppwhitepaperppwhitepaperppEndpoint SecurityppCyberwarfare NationState AttacksppCybercrimeppData Masking Information ArchivingppCybercrimeppContinue ppWas added to your briefcaseppBanning Ransom Payments Calls Grow to Figure Out ApproachppBanning Ransom Payments Calls Grow to Figure Out Approachpp
Just to prove you are a human please solve the equation
ppSign in now ppNeed help registering
Contact support
ppComplete your profile and stay up to dateppContact Support ppCreate an ISMG account now ppCreate an ISMG account now ppNeed help registering
Contact support
ppSign in now ppNeed help registering
Contact support
ppSign in now ppOur website uses cookies Cookies enable us to provide the best experience possible and help us understand how visitors use our website By browsing bankinfosecuritycom you agree to our use of cookiesp
