Will Governments Ban Ransom Payments To Hackers?

Uploaded on 2021-05-23 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Ransomware criminals are holding businesses and organisations hostage and demanding large payments with greater frequency and scale.  In order to restore the victims systems the prevalent criminal method  is for the hacker to demand to get paid in crypocurrency, which can’t be tracked by the victim or the police.

The financial damage from these cyber attacks range from £70k to £10m and now some US and UK technology experts are urging their governments to make paying ransom to criminal hackers illegal. 

The CEO of Colonial Pipeline has admitted his company paid hackers nearly $4.5m after their attack forced the firm to stop transporting fuel. Since last August, the hackers responsible for the US pipeline hack, DarkSide, have made at least $90m in ransom payments from about 47 victims, Bitcoin records show.

DarkSide is just one of more than a dozen prolific ransomware gangs making vast profits from holding companies, schools, governments and hospitals to ransom. 

Hacking groups work anonymously, so are hard to track down and they often operate in countries unwilling to arrest them. 
Ransomware attacks shut down a victims computer systems or data until a ransom is paid. Law-enforcement agencies around the world are increasingly urging victims not to pay. But paying ransoms is not illegal and many organisations pay in secret.

  • The Ransomware Task Force (RTF) a global coalition of cyber experts is lobbying governments to take action.  It has made nearly 50 recommendations to curb the crime spree, but it hasn’t agreed as to whether countries should ban ransom payments.
  • Britain's ex-GCHQ chief has urged the government to ban ransomware payments to stop criminals profiteering from attacks. Ciaran Martin, the founding chief executive of GCHQ's Cyber Security Centre (NCSC), now an eminent Professor at Oxford University's Blavatnik School, spoke following the Irish health service being  targeted with a ransom attack by criminals. 

Opponents say that a ban on ransom payouts would push criminals to go after even more essential targets, such as hospitals, forcing victims to choose between payment and widespread upheaval.

USA Today:       BBC:     Daily Mail:     Financial Times:     CyberWire:        

You Might Also Read: 

Pipeline Hack: Biden Issues An Executive Order

 

« New Zealand Health Service Is Under Attack
Apple Stores Customer Data In China »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SABSACourses

SABSACourses

SABSA is a development process used for solving complex problems such as IT Operations, Risk Management, Compliance & Audit functions.

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC is a cyber security research and development and training centre

CircleCI

CircleCI

CircleCI’s platform allows developers to rapidly release code (for web and mobile apps) they trust by automating the build, test, and deploy process.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

PixelPlex

PixelPlex

PixelPlex is a blockchain and custom software development company with offices and developers in New York, Geneva, and Seoul.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

Pacific Global Security Group

Pacific Global Security Group

Pacific Global Security Group offers an intelligence-driven focus on all aspects of cybersecurity for IT/ICS/OT.

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.