Formal ban on ransomware payments? Asking orgs nicely to not cough up ain't working

2024-01-03 08:30

"I think more people are coming to accept that a ban, while problematic, may ultimately be the only solution to the ransomware problem," he told The Register.

For example, the Biden administration deciding to make ransom payments illegal as of February 1 would be "Problematic, given the lack of overall resilience and maturity across the economy, particularly when you think about all those soft targets the report identifies," Stifel told The Register, echoing the conclusion [PDF] reached by the Ransomware Task Force.

Eventually, a ban will be "An important part of the solution to reduce and hopefully eliminate ransomware, but it has to be coupled with number of other tools that the government has at its disposal," she added.

"Did they actually see whether their backups are viable? Did they see if there was a decryption key available? Plus, there needs to be a full-throated, robust awareness campaign around ransomware prevention, ransomware response, societal harms that come from ransomware. And we haven't really tried that."

"While a"global and universally enforced" ransomware payment ban could lead to a decline in these types of extortion attacks, this type of solution would be nearly impossible to enforce," he argued.

"Beyond issues related to the viability of enacting and enforcing uniform international standards around ransom payments, another challenge is the simple fact that ransomware is only one tool being used to collect extortion payments. We continue to see diversification across this ecosystem, with criminals sometimes only stealing data before demanding payment," Kennelly told The Register.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/03/ban_ransomware_payments/

#payment #ransomware