A cyber-crime spree wreaking havoc around the world has reignited calls for governments to ban ransom payments to hackers.<\/p>\n\n\n\n
Ransomware criminals are holding computer systems hostage on a daily basis, demanding large payments from victims to restore order.<\/p>\n\n\n\n
The CEO of Colonial Pipeline has admitted his company paid hackers nearly $4.5m last week after their attack forced the firm to stop transporting fuel.<\/p>\n\n\n\n
But research from Bitcoin analysts Elliptic suggests this is just a drop in the ocean.<\/p>\n\n\n\n
Since last August, the hackers responsible, DarkSide, have made at least $90m in ransom payments from about 47 victims, Bitcoin records show.<\/p>\n\n\n\n
Irish health system targeted twice by hackers
\nUS pipeline hackers ‘didn’t mean to create problems’
\nForeign Secretary issues warning on cyber-attacks
\nAnd DarkSide is just one of at least a dozen prolific ransomware gangs making vast profits from holding companies, schools, governments and hospitals to ransom.<\/p>\n\n\n\n
They work anonymously so are hard to track down.<\/p>\n\n\n\n
And many operate in countries unwilling to arrest them.<\/p>\n\n\n\n
Law-enforcement agencies
\nRansomware attacks prevent victims accessing computer systems or data until a ransom is paid.<\/p>\n\n\n\n
Law-enforcement agencies around the world are increasingly urging victims not to pay.<\/p>\n\n\n\n
But paying ransoms is not illegal.<\/p>\n\n\n\n
And many organisations pay in secret.<\/p>\n\n\n\n
Now, the Ransomware Task Force (RTF) global coalition of cyber-experts is lobbying governments to take action.<\/p>\n\n\n\n
It has made nearly 50 recommendations to curb the crime spree but couldn’t agree over whether countries should ban ransom payments.<\/p>\n\n\n\n
And we asked two members why.<\/p>\n\n\n\n
‘Banning payments would result in a pretty horrific game of ‘chicken”
\nRapid7 community and public affairs vice-president Jen Ellis says: “Most people agree, in an ideal world, the government would prohibit paying ransoms.<\/p>\n\n\n\n
“Since ransomware is a profit-motivated crime, this would hopefully discourage the crime altogether.<\/p>\n\n\n\n
“And no-one would be faced with funding organised crime.<\/p>\n\n\n\n
“The problem is, we don’t live in an ideal world.<\/p>\n\n\n\n
“In the world we do live in, banning payments would almost certainly result in a pretty horrific game of ‘chicken’, whereby criminals would shift all their focus towards organisations which are least likely to be able to deal with downtime – for example hospitals, water-treatment plants, energy providers, and schools.<\/p>\n\n\n\n
“The hackers may expect the harm to society caused by this downtime to apply the necessary pressure to ensure they get paid.<\/p>\n\n\n\n
“They have very little to lose by doing this – and potentially a big payday to gain.<\/p>\n\n\n\n
“Let’s say the government creates a fund to support these organisations so they don’t have to pay.<\/p>\n\n\n\n
“If that happens, the attackers could then just switch their focus to small businesses and non-profit organisations which don’t have the resources to protect themselves.<\/p>\n\n\n\n
“They could face complete ruin if they don’t pay.<\/p>\n\n\n\n
“Faced with declaring bankruptcy, these organisations may consider making a payment in secret, which would then place them even further at the mercy of the criminals, who could threaten to publicise it.<\/p>\n\n\n\n
“Overcoming these problems is not straightforward.<\/p>\n\n\n\n
“It will take time, education, and sustained investment.<\/p>\n\n\n\n
“Prohibiting payments is a great goal to shoot for.<\/p>\n\n\n\n
“But we must be pragmatic in our approach to ensure we do not create significant economic and societal harm.”<\/p>\n\n\n\n
‘A payment ban would take some burden off organisations’
\nCyber Threat Alliance president and chief executive Michael Daniel says: “The case for prohibiting ransom payments is clear.<\/p>\n\n\n\n
“Ransomware attacks are primarily motivated by profit.<\/p>\n\n\n\n
“And without profit, attackers will shift away from this tactic.<\/p>\n\n\n\n
“Further, ransom profits are used to fund other, even more dangerous crime, such as human trafficking, child exploitation, and terrorism.<\/p>\n\n\n\n
“Finally, payments beget more attacks, reinforcing the tactic’s utility.<\/p>\n\n\n\n
“No organisation wants to pay a ransom.<\/p>\n\n\n\n
“Instead, they feel they have no choice, whether it’s due to the threat of insolvency, reputational damage stemming from service interruptions, or the potential for loss of life or wide-scale economic disruption.<\/p>\n\n\n\n
“Indeed, from a purely short-term, organisational viewpoint, paying a ransom is often an economically rational decision.”We need to break this cycle and deprive the ransomware ecosystem of ‘fuel’.<\/p>\n\n\n\n
“A payment ban would take some burden off organisations, by removing payment as a legal possibility.<\/p>\n\n\n\n
“As a result, well designed prohibitions would provide targeted organisations with leverage to push back against their attackers.<\/p>\n\n\n\n
“Such prohibitions should not be implemented immediately.<\/p>\n\n\n\n
“in fact, such bans should only be put in place after governments have established effective victim-support mechanisms.<\/p>\n\n\n\n
“Payment prohibitions should be part of a broad-based campaign to improve prevention, deterrence, disruption, and response.<\/p>\n\n\n\n
“Those arguing against bans make an excellent point about the potential heavy cost organisations attacked during a transition period could face, potentially even going out of business or facing enormous pressure to restore service.<\/p>\n\n\n\n
“Therefore, for payment bans to achieve their intended effect, governments will have to provide companies with the resources and support to withstand these attacks.”<\/p>\n","protected":false},"excerpt":{"rendered":"
A cyber-crime spree wreaking havoc around the world has reignited calls for governments to ban ransom payments to hackers. Ransomware criminals are holding computer systems hostage on a daily basis, demanding large payments from victims to restore order. The CEO of Colonial Pipeline has admitted his company paid hackers nearly $4.5m last week after their … Continue reading “Ransomware: Should paying hacker ransoms be illegal?”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3304","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/comments?post=3304"}],"version-history":[{"count":1,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3304\/revisions"}],"predecessor-version":[{"id":3305,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3304\/revisions\/3305"}],"wp:attachment":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/media?parent=3304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/categories?post=3304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/tags?post=3304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}