Will Governments Ban Ransom Payments To Hackers?

Ransomware criminals are holding businesses and organisations hostage and demanding large payments with greater frequency and scale.  In order to restore the victims systems the prevalent criminal method  is for the hacker to demand to get paid in crypocurrency, which can’t be tracked by the victim or the police.

The financial damage from these cyber attacks range from £70k to £10m and now some US and UK technology experts are urging their governments to make paying ransom to criminal hackers illegal. 

The CEO of Colonial Pipeline has admitted his company paid hackers nearly $4.5m after their attack forced the firm to stop transporting fuel. Since last August, the hackers responsible for the US pipeline hack, DarkSide, have made at least $90m in ransom payments from about 47 victims, Bitcoin records show.

DarkSide is just one of more than a dozen prolific ransomware gangs making vast profits from holding companies, schools, governments and hospitals to ransom. 

Hacking groups work anonymously, so are hard to track down and they often operate in countries unwilling to arrest them. 
Ransomware attacks shut down a victims computer systems or data until a ransom is paid. Law-enforcement agencies around the world are increasingly urging victims not to pay. But paying ransoms is not illegal and many organisations pay in secret.

  • The Ransomware Task Force (RTF) a global coalition of cyber experts is lobbying governments to take action.  It has made nearly 50 recommendations to curb the crime spree, but it hasn’t agreed as to whether countries should ban ransom payments.
  • Britain's ex-GCHQ chief has urged the government to ban ransomware payments to stop criminals profiteering from attacks. Ciaran Martin, the founding chief executive of GCHQ's Cyber Security Centre (NCSC), now an eminent Professor at Oxford University's Blavatnik School, spoke following the Irish health service being  targeted with a ransom attack by criminals. 

Opponents say that a ban on ransom payouts would push criminals to go after even more essential targets, such as hospitals, forcing victims to choose between payment and widespread upheaval.

USA Today:       BBC:     Daily Mail:     Financial Times:     CyberWire:        

You Might Also Read: 

Pipeline Hack: Biden Issues An Executive Order

 

« New Zealand Health Service Is Under Attack
Apple Stores Customer Data In China »

Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SecureAuth

SecureAuth

SecureAuth delivers cutting edge identity and information security solutions for cloud, mobile, web, and VPN systems.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

Portnox

Portnox

The Portnox Network Access Control (NAC) Platform traverses across all network layers, and locations to deliver the highest accuracy and control of all connected devices and users.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Pentest360

Pentest360

Pentest360 is a 24x7x365 Penetration testing service offered through a feature-rich, centralised platform on the cloud that delivers instant visibility during security assessments.