Recent months have seen a decrease in ransomware attacks. But they are still a serious threat, and organizations should reconsider whether, after a successful breach of their computers, it is worth paying ransom to the attackers in the hope that their stolen data will not be revealed.
According to the NCC Group Threat Pulse Report, the ransomware landscape is still turbulent, despite the fact that fewer incidents have been reported since April. Industrials (34%) were the most targeted sector, followed by Consumer Cyclicals (18%).
The top 10 ransomware actors have changed significantly since April. Hunters is one of the most dangerous bad actors. It has moved from being the eighth-most active threat actor to number two. It launched 61% of ransomware in April compared to March. RansomHub replaced RA Group in third place and saw a 42 percent increase over March.
In counterterrorism and hostage situations, the policy of refusing to pay ransom is widely debated, and its effectiveness continues to be argued from multiple perspectives. Cybersecurity experts use the same logic when deciding whether a ransomware demand should be paid.
Others argue that ransomware payments are used to fund future criminal activities. Legal issues are also considered in the decision-making process. Some countries make it illegal to pay ransoms to terrorists. Some countries have similar laws to curb ransomware.
According to the U.S. Department of the Treasury, there is no federal law that makes paying ransomware demands illegal in the United States. Making such payments is not without legal and financial risk.
Anne Cutler, a cybersecurity evangelist with Keeper Security, told TechNewsWorld that “this approach, although commendable for the organization, poses real-world challenges.”
The No-Pay Ransomware Strategy Gains Support
Cutler notes that cybersecurity experts and government officials have been advocating the policy of refusing to pay ransoms for many years because it can reduce criminal activity. Paying ransoms can be risky and ineffective, and it does not guarantee that cybercriminals will restore access or decrypt data.
“Cybersecurity insurers are increasingly excluding ransomware payment from coverage. This is encouraging organizations to invest in proactive preventative actions,” she said.
Cutler cited Japan’s approach as an example. According to a Nikkei Cross Tech and Japan Proofpoint report, Japanese organizations pay ransoms at a significantly lower rate than those in other countries. According to the Metropolitan Police Department’s Threats in Cyberspace report, despite a spike in ransomware through 2023, there has been a slight decrease in the first half of 2024.
She explained that, “While it’s not clear whether this decline is directly linked to Japan’s low payment rates, it could indicate that minimising ransom payments can influence overall ransomware activities.”
Ransomware payment bans: Challenges in enforcing them
Craig Jones, vice-president of security operations at Ontinue, admitted that cyber experts debate the pros and cons of banning ransom payments in order to combat ransomware. It is a complex issue.
It is hard to enforce such a ban, especially when cryptocurrencies provide anonymity.
He said that in critical situations, organisations may choose to covertly pay ransoms to restore vital data or operations. This undermines the effectiveness of the ban.
Jones believes that a well-rounded strategy could be more effective. He supports enhancing cybersecurity defences, promoting global cooperation to track down and prosecute cybercriminals and regulating cyber insurance.
He said that “this multi-layered strategy addresses the causes and effects of ransomware, without the significant challenges of enforcement and the potential negative consequences of an outright ban.”
“Such a strategy acknowledges cyber threats’ complexity and global reach, providing a balanced solution that mitigates ransomware risks.”
‘No Concessions’ Ransomware Policy Risks and Realities
Theoretically, no-payment clauses aim to reduce the profits of cybercrime by denying attackers what they want. Jason Soroko is the senior vice president for product at Sectigo. His company offers comprehensive services for certificate lifecycle management.
“While banning the payment of ransomware might deter attackers over time, this also puts victims in a precarious situation, especially those with critical infrastructures. It could potentially lead to severe interruptions,” he said.
He said that the legal frameworks for prohibiting payments should be carefully designed to avoid unintended outcomes, such as organizations being forced to operate in secret or the damage being exacerbated during an active attack.
He observed that “the balance between disincentivizing crime and protecting essential services is delicate.”
Strengthening Cybersecurity through Employee Training
Patrick Tiquet (VP of security and architecture, Keeper Security) argues that employee training and education about cybersecurity best practices is crucial to protecting an organization against evolving cyber threats.
Employees are the first line of defense. He said that regular training sessions should stress the importance of being vigilant when receiving unsolicited multi-factor authentication (MFA) prompts.
The focus of this education should be on teaching employees to immediately question any unexpected notifications and to report any suspicious behavior without delay. Tiquet said that simulated phishing and push-notification exercises can help employees identify and respond to threats.
He said that it is important to foster a culture in which employees are comfortable reporting security concerns without fear of being reprimanded. This will allow for timely detection and response.
Ransomware Payment Problems: How to Avoid Them
Ngoc Bui, a cybersecurity specialist at Menlo Security, argued that paying ransoms shouldn’t be illegal anywhere. Although paying may incentivize the threat actors, not paying could be worse, particularly for organizations that are involved with critical infrastructure.
“Ransomware disruptions can be catastrophic. Organizations must put protecting their operations and stakeholders first.” Bui said that organizations that suffer a ransomware attack should use the experience as an opportunity to improve their security measures.
Preventing ransomware attacks is the primary way to avoid this question. Tiquet suggests that companies should manage the security of their third-party contractors. To ensure that contractors are meeting stringent standards, conduct thorough background checks and perform security assessments.
He said that applying the principle of “least privilege” to contractors is crucial for an organization’s safety.
This is done by granting only the minimal amount of access that’s required to perform their roles and tasks within the company. It is important to conduct regular audits on third-party access to identify any abnormal or unauthorized activity early, which will allow you to take prompt action and mitigate potential risks.