Should ransomware payments be banned?
The Government have recently been lobbied to ban ransomware payments. They have been asked to prohibit companies and individuals from paying ransom demands. Cyber criminals try to scam organisations with cyber-attacks using ransomware. The prohibition of ransom payments would cut the flow of income to attackers, as well as shutting down the desire to hit U.K. citizens and companies with ransomware.
Prohibition of ransom payments for ransomware could mean there is no point in cyber attackers going after the U.K. Alexander Culafi, a news writer from Search Security, explores the ransomware payment ban story in more detail.
Paying ransomware demands could be illegal
Companies paying ransom when attacked by ransomware in an effort to retrieve their data has always been controversial because it encourages future attacks. Now, doing so may also be illegal.
The U.S. Department of Treasury today warned that paying ransomware demands may be illegal and that companies that do so could be prosecuted.
The warning came in advisories from the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network. Both warned that any company that made a ransomware payment, or a third party that facilitated a payment, could be prosecuted if the hackers demanding the ransom were subject to U.S. sanctions.
There is an exception: Companies that are considering making a ransomware payment can do so but only with government approval.
Specific attention was given to third-party companies that facilitate ransomware payments. “Companies that facilitate ransomware payments to cyber criminals encourage future ransomware payment demands. They also may risk violating OFAC regulations,” the Office of Foreign Assets Control said in its advisory.
Ransomware payments are controversial
Paying ransoms in ransomware attacks has always been controversial. Firstly, a serious ransomware attack can seriously cripple companies, and has done so. Secondly, it can cost them hundreds of millions of dollars in lost business and costs. Finally, sometimes paying the ransom to obtain access to core business files is arguably worth it.
The counter-argument is that every single time a company pays a ransomware demand, it encourages future ransomware attacks. Hacking groups know this, which is why they keep deploying attacks.
An expert’s opinion
James McQuiggan, security awareness advocate at security awareness training company KnowBe4 Inc., compares ransomware to the Italian Mafia.
“Many years ago, in Italy, there were many kidnappings by organized crime groups of the wealthy and affluent families,” McQuiggan told SiliconANGLE. “They would request large sums of money in exchange to return the victim’s loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organized crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay.”
He went on, “At first, the crime groups called the bluff of the families who couldn’t pay and killed the family member. However, after a short while, the organized crime groups realized they couldn’t pay, and quickly, the kidnapping and ransoms came to an end.”
Returning to today’s advisories, McQuiggan said that even if an organization wishes to pay the ransom, it would have to collaborate with the U.S. Treasury, FBI and other government agencies to send the funds. “The U.S. government’s recommendation of not paying comes with a similar notion of not negotiating with terrorists. Never pay the ransom when involved with kidnappings and thus, the anticipated action of reducing ransomware attacks,” he said.
Stay protected with LIS
Unfortunately, we are unable to stop cybercrime. However, we try and help prevent it. Our clients benefit from our Anti-Spam, Anti-Virus and Office 365 Security Package solutions. Can you afford to take the risk?
Practice safe IT. STAY PROTECTED! Contact the LIS HELP DESK to discuss your options.
LIS – Securing your digital world