Ban ransomware payments, Emsisoft urges governments

A major cybersecurity company is urging governments to forbid all organizations in their countries from paying ransomware gangs, arguing it would at least make crooks shift from hitting critical infrastructure providers such as hospitals, utilities and schools.

Emsisoft made the plea Monday in releasing final — and record — ransomware numbers for 2023 for the number of organizations hit.

Just over 2,200 U.S. hospitals, schools, and governments were directly impacted by ransomware, the company said, with many more being indirectly impacted via attacks on their supply chains. Additionally, thousands of private sector companies were either directly or indirectly impacted. The number of victim organizations is likely much higher; the numbers gleaned by Emsisoft are ones that can be confirmed. Many organizations — in every country around the world — don’t report successful cyber attacks.

“The only viable mechanism by which governments can quickly reduce ransomware volumes is to ban ransom payments,” Emsisoft argues. “Ransomware is a profit-driven enterprise. If it is made unprofitable, most attacks will quickly stop.”

“Were there to be a ban, we believe that bad actors would quickly pivot and move from high-impact encryption-based attacks to other less disruptive forms of cybercrime. It would really make no sense for them to expend time and effort attacking organizations which could not pay. Additionally, bad actors already do attack healthcare providers, local governments, and other custodians of critical infrastructure – relentlessly, day in, day out – and it’s far from certain that they would have either the incentive or the resources to attack them any more frequently.”

Related content: Canadian mid-sized firms paid an average $1.4 million in ransoms

A ban would not need to stop all payments, Emsisoft argues. It would simply need to stop enough to ensure that ransomware ceased to be profitable and, as most companies would abide by the law, this would likely be achieved.

In 2022, Emisisoft notes, both North Carolina and Florida banned public sector entities from paying demands. “As far as we are aware, no entity in either state has experienced catastrophic data loss as a result of the ban, and nor have any experienced unusually excessive downtime.”

We reached out to Canadian-based Emsisoft threat researcher Brett Callow with two questions about banning ransomware payments:

First, why would a ban on ransomware payments would stop a gang from attacking organizations? Wouldn’t gangs continue stealing and encrypting data, and then threatening to embarrass the organization into capitulating? “The aim wouldn’t be to stop all cybercrime,” Callow replied, “it’d be to stop disruptive encryption-based attacks. And, yes, a decrease in ransomware could well mean an increase in business email compromise and other forms of cybercrime. But those other forms don’t put people’s lives at risk.”

Second, if paying crooks is banned, isn’t there a risk organizations will ease off on cybersecurity. They would think, ‘Crooks know I won’t pay to get data back, so I won’t be a target any more.’ Callow replied that governments have many legal and regulatory tools to make organizations invest in cybersecurity. For example, he noted that recently New York’s Attorney General secured US$450,000 from U.S. Radiology Specialists, Inc. (US Radiology) for failing to protect its patients’ personal and healthcare data.

Last year, 48 countries, including Canada and the U.S., agreed their national governments shouldn’t give in to ransomware demands. The promise came at the end of the third annual meeting in Washington of the International Counter Ransomware Initiative (CRI).

“CRI members affirmed the importance of strong and aligned messaging discouraging paying ransomware demands and leading by example,” the group said in a statement.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs