Government is fed up with ransomware payments fueling cyberattacks

With ransomware attacks surging and 2024 on track to be one of the worst years on record, US officials are seeking ways to counter the threat, in some cases urging a new approach to ransom payments.

Ann Neuberger, US deputy national security adviser for cyber and emerging technologies, wrote in a recent Financial Times opinion piece that insurance policies – especially those covering ransomware payment reimbursements – are fueling the very same criminal ecosystems they seek to mitigate. "This is a troubling practice that must end," she wrote, advocating for stricter cybersecurity requirements as a condition for coverage to discourage ransom payments.

Zeroing in on cyber insurance as a key area for reform comes as the US government scrambles to find ways to disrupt ransomware networks. According to the latest report by the Office of the Director of National Intelligence, by mid-2024 more than 2,300 incidents already had been recorded – nearly half targeting US organizations – suggesting that 2024 could exceed the 4,506 attacks recorded globally in 2023.

Yet even as policymakers scrutinize insurance practices and explore broader measures to disrupt ransomware operations, businesses are still left to grapple with the immediate question when they are under attack: Pay
the ransom and potentially incentivize future attacks, or refuse and risk further damage?

For many organizations, deciding whether to pay a ransom is a difficult and urgent decision. "In 2024, I attended a briefing by the FBI where they continued to advise against paying a ransom," said Paul Underwood, vice president of security at IT services company Neovera. "However, after making that statement, they said that they understand that it's a business decision and that when companies make that decision, it is taking into account many more factors than just ethics and good business practices. Even the FBI understood that businesses need to do whatever it takes to get back to operations," Underwood said.

The FBI declined to comment.

"There's no black or white here," said cybersecurity expert Bryan Hornung, CEO of Xact IT Solutions. "There's so many things that go into play when it comes to making the decision on whether you're even going to entertain paying the ransom," he said.

The urgency to restore operations can push businesses into making decisions they may not be prepared for, as does the fear of increasing damage. "The longer something goes on, the bigger the blast radius," Hornung said. "I've been in rooms with CEOs who swore they'd never pay, only to reverse course when faced with prolonged downtime."

In addition to operational downtime, the potential exposure of sensitive data – especially if it involves customers, employees or partners – creates heightened fear and urgency. Organizations not only face the possibility of immediate reputational damage but also class-action lawsuits from affected individuals, with the cost of litigation and settlements in some cases far outweighing the ransom demand and driving companies to pay just to contain the fallout.

"There are lawyers out there who know how to put together class-action lawsuits based on what's on the dark web," Hornung said. "They have teams that find information that's been leaked – driver's licenses, Social Security numbers, health information – and they contact these people and tell them it's out there. Next thing you know, you're defending a multimillion-dollar class-action lawsuit."

A notable example is Lehigh Valley Health Network. In 2023, the Pennsylvania-based hospital refused to pay the $5 million ransom to the ALPHV/BlackCat gang, leading to a data leak affecting 134,000 patients on the dark web, including nude photos of about 600 breast cancer patients. The fallout was severe, resulting in a class-action lawsuit, which claimed that "while LVHN is publicly patting itself on the back for standing up to these hackers and refusing to meet their ransom demands, they are consciously and internationally ignoring the real victims."

LVHN agreed to settle the case for $65 million.

Similarly, background-check giant National Public Data is facing multiple class-action lawsuits, along with more than 20 states levying civil rights violations and possible fines by the Federal Trade Commission, after a hacker posted NPD's database of 27 billion records on the dark web in April. The data included 272 million Social Security numbers, as well as full names, addresses, phone numbers and other personal data of both living and deceased individuals. The hacker group allegedly demanded a ransom to return the stolen data, though it remains unclear whether NPD paid it.

What is clear, though, is that the NPD did not immediately report the incident. Consequently, its slow and incomplete response – especially its failure to provide identity theft protection to victims – resulted in a number of legal issues, leading its parent company, Jerico Pictures, to file for Chapter 11 on Oct. 2.

NPD did not respond to requests for comment.

Darren Williams, founder of BlackFog, a cybersecurity firm that specializes in ransomware prevention and cyber warfare, is firmly against paying ransoms. In his view, paying encourages more attacks, and once sensitive data has been exfiltrated, it is gone forever, he said.

Even when companies choose to pay, there's no certainty the data will remain secure.
UnitedHealth Group experienced this firsthand after its subsidiary, Change Healthcare, was hit by the ALPHV/BlackCat ransom group in April 2023. Despite paying the $22 million ransom to prevent a data leak and quickly restore operations, a second hacker group, RansomHub, angry that ALPHV/BlackCat failed to distribute the ransom to its affiliates, accessed the stolen data and demanded an additional ransom payment from Change Healthcare. While Change Healthcare hasn't reported if it paid, the fact that the stolen data was eventually leaked on the dark web indicates their demands most likely were not met.

The fear that a ransom payment may fund hostile organizations or even violate sanctions, given the links between many cybercriminals and geopolitical enemies of the US, makes the decision even more precarious. For example, according to a Comparitech Ransomware Roundup, when LoanDepot was attacked by the ALPHV/BlackCat group in January, the company refused to pay the $6 million ransom demand, opting instead to pay the projected $12 million to $17 million in recovery costs. The choice was primarily motivated by concerns about funding criminal groups with potential geopolitical ties. The attack affected around 17 million customers, leaving them unable to access their accounts or make payments, and in the end, customers still filed class-action lawsuits against LoanDepot, alleging negligence and breach of contract.

Regulatory scrutiny adds another layer of complexity to the decision-making process, according to Richard Caralli, a cybersecurity expert at Axio.

On the one hand, recently implemented SEC reporting requirements, which mandate disclosures about cyber incidents of material importance, as well as ransom payments and recovery efforts, may make companies less likely to pay because they fear legal action, reputational damage or shareholder backlash. On the other hand, some companies may still opt to pay to prioritize a quick recovery, even if it means facing those consequences later.

"The SEC reporting requirements have certainly had an effect on the way in which organizations address ransomware," Caralli said. "Being subjected to the consequences of ransomware alone is tricky to navigate with customers, business partners and other stakeholders, as organizations must expose their weaknesses and lack of preparedness."

With the passage of the Cyber Incident Reporting for Critical Infrastructure Act, set to go into effect around October 2025, many non-SEC regulated organizations will soon face similar pressures. Under this ruling, companies in critical infrastructure sectors – which are often small and midsized entities – will be obligated to disclose any ransomware payments, further intensifying the challenges of handling these attacks.

As fast as cyber defenses improve, cybercriminals are even quicker to adapt.

"Training, awareness, defensive techniques and not paying all contribute to the reduction of attacks. However, it is very likely that more sophisticated hackers will find other ways to disrupt businesses," Underwood said.

A recent report from cyber extortion specialist Coveware highlights a significant shift in ransomware patterns.

While not an entirely new tactic, hackers are increasingly relying on data exfiltration-only attacks. That means sensitive information is stolen but not encrypted, meaning victims can still access their systems. It's a response to the fact that companies have improved their backup capabilities and become better prepared to recover from encryption-based ransomware. The ransom is demanded not for recovering encrypted files but to prevent the stolen data from being released publicly or sold on the dark web.

New attacks by lone wolf actors and nascent criminal groups have emerged following the collapse of ALPHV/BlackCat and Lockbit, according to Coveware. These two ransomware gangs were among the most prolific, with LockBit believed to have been responsible for nearly 2,300 attacks and ALPHV/BlackCat over 1,000, 75 of which were in the US.

BlackCat executed a planned
exit after pilfering the ransom owed to its affiliates in the Change Healthcare attack. Lockbit was taken down after an international law-enforcement operation seized its platforms, hacking tools, cryptocurrency accounts and source codes. However, even though these operations have been disrupted, ransomware infrastructures are quickly rebuilt and rebranded under new names.

"Ransomware has one of the lowest barriers to entry for any type of crime," said BlackFog's Williams. "Other forms of crime carry significant risks, such as jail time and death. Now, with the ability to shop on the dark web and leverage the tools of some of the most successful gangs for a small fee, the risk-to-reward ratio is quite high."

One point on which cybersecurity experts universally agree is that prevention is the ultimate solution.

As a benchmark, Hornung recommends businesses allocate between one percent and three percent of their top-line revenue toward cybersecurity, with sectors like health care and financial services, which handle highly sensitive data, at the higher end of this range. "If not, you're going to be in trouble," he said. "Until we can get businesses to do the right things to protect, detect and respond to these events, companies are going to get hacked and we're going to have to deal with this challenge."

Additionally, proactive measures such as endpoint detection – a type of security guard on your computer that constantly looks for signs of unusual or suspicious activity and alerts you – or response and ransomware rollback, a backup feature that kicks in and will undo damage and get you your files back if a hacker locks you out of your system, can minimize damage when an attack occurs, Underwood said.

A well-developed plan can help ensure that paying the ransom is a last resort, not the first option.

"Organizations tend to panic and have knee-jerk reactions to ransomware intrusions," Caralli said. To avoid this, he stresses the importance of developing an incident response plan that outlines specific actions to
take during a ransomware attack, including countermeasures such as reliable data backups and regular drills to ensure that recovery processes work in real-world scenarios.

Hornung says ransomware attacks – and the pressure to pay – will remain high. "Prevention is always cheaper than the cure," he said, "but businesses are asleep at the wheel."

The risk is not limited to large enterprises. "We work with a lot of small and medium-sized businesses, and I say to them, 'You're not too small to be hacked. You're just too small to be in the news.'"

"If no organization paid the ransom, the financial benefit of ransomware attacks would be diminished," Underwood said. But he added that it wouldn't stop hackers.

"It is probably safe to say that more organizations that do not pay would also cause attackers to stop trying or perhaps try other methods, such as stealing the data, searching for valuable assets and selling it to interested parties," he said. "A frustrated hacker may give up, or they will try alternative methods. They are, for the most part, on the offensive."

© 2024 CNBC LLC. All Rights Reserved. A Division of NBCUniversal