Ban ransomware payments, Emsisoft urges governments

A major cybersecurity company is urging governments to forbid all organizations in their countries from paying ransomware gangs, arguing it would at least make crooks shift from hitting critical infrastructure providers such as hospitals, utilities and schools.

Emsisoft made the plea Monday in releasing final — and record — ransomware numbers for 2023 for the number of organizations hit.

Just over 2,200 U.S. hospitals, schools, and governments were directly impacted by ransomware, the company said, with many more being indirectly impacted via attacks on their supply chains. Additionally, thousands of private sector companies were either directly or indirectly impacted. The number of victim organizations is likely much higher; the numbers gleaned by Emsisoft are ones that can be confirmed. Many organizations — in every country around the world — don’t report successful cyber attacks.

“The only viable mechanism by which governments can quickly reduce ransomware volumes is to ban ransom payments,” Emsisoft argues. “Ransomware is a profit-driven enterprise. If it is made unprofitable, most attacks will quickly stop.”

“Were there to be a ban, we believe that bad actors would quickly pivot and move from high-impact encryption-based attacks to other less disruptive forms of cybercrime. It would really make no sense for them to expend time and effort attacking organizations which could not pay. Additionally, bad actors already do attack healthcare providers, local governments, and other custodians of critical infrastructure – relentlessly, day in, day out – and it’s far from certain that they would have either the incentive or the resources to attack them any more frequently.”

Related content: Canadian mid-sized firms paid an average $1.4 million in ransoms

A ban would not need to stop all payments, Emsisoft argues. It would simply need to stop enough to ensure that ransomware ceased to be profitable and, as most companies would abide by the law, this would likely be achieved.

In 2022, Emisisoft notes, both North Carolina and Florida banned public sector entities from paying demands. “As far as we are aware, no entity in either state has experienced catastrophic data loss as a result of the ban, and nor have any experienced unusually excessive downtime.”

We reached out to Canadian-based Emsisoft threat researcher Brett Callow with two questions about banning ransomware payments:

First, why would a ban on ransomware payments would stop a gang from attacking organizations? Wouldn’t gangs continue stealing and encrypting data, and then threatening to embarrass the organization into capitulating? “The aim wouldn’t be to stop all cybercrime,” Callow replied, “it’d be to stop disruptive encryption-based attacks. And, yes, a decrease in ransomware could well mean an increase in business email compromise and other forms of cybercrime. But those other forms don’t put people’s lives at risk.”

Second, if paying crooks is banned, isn’t there a risk organizations will ease off on cybersecurity. They would think, ‘Crooks know I won’t pay to get data back, so I won’t be a target any more.’ Callow replied that governments have many legal and regulatory tools to make organizations invest in cybersecurity. For example, he noted that recently New York’s Attorney General secured US$450,000 from U.S. Radiology Specialists, Inc. (US Radiology) for failing to protect its patients’ personal and healthcare data.

Last year, 48 countries, including Canada and the U.S., agreed their national governments shouldn’t give in to ransomware demands. The promise came at the end of the third annual meeting in Washington of the International Counter Ransomware Initiative (CRI).

“CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example,” the group said in a statement.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Featured Tech Jobs

 

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.