Just before the 2024 general election was announced, the UK government was looking to bring in tougher rules on ransomware payments, including the potential to ban ransom payments entirely. The justification? A decisive action to cut off the business model of cyber extortionists.
But the message around ransom payments is contradictory, to say the least. In the UK, the NCSC has made it abundantly clear that businesses should not pay ransoms. Yet insurance policies recommended by the government’s Cyber Essentials scheme clearly state that they provide cover for extortion payments. Ultimately, though, paying ransoms directly funds cybercriminal activity and enables it to gain momentum.
So, what are the benefits and drawbacks of banning ransomware payments, what alternatives can be considered and what role does the cyber insurance industry play in tackling this threat?
Chief Security Evangelist, ESET.
To pay or not to pay
Earlier this year, the French hospital CHCSV refused to pay a ransomware demand, despite suffering severe operational disruption. Meanwhile, other organizations that have fallen victim, such as Change Healthcare in the US, have gone in a different direction, with this particular private healthcare firm paying $22m to attackers.
The difference here is that one victim falls within the public sector, while the other doesn’t, and when public sector organizations pay ransom demands, it ultimately comes out of taxpayers’ money. It’s for this reason, among others, that several states in the US have already made it illegal for public sector organizations to make extortion payments.
However, there appears to be less public transparency in…
Read full post on Tech Radar