New Zealand-based infosec firm Emsisoft, has issued a report on ransomware in the US during 2023, in which they are suggesting a ban on paying ransoms and the subsequent loss of revenue by the gangs would reduce ransomware attacks.
The State of Ransomware in the U.S.: Report and Statistics 2023 (emsisoft.com)
They are calling for the ban to be internationally supported as organised cyber-criminal gangs operate without borders.
The UK National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) issued guidance to The Law Society and The Bar Council on not paying cyber-criminals back in July 2022. So although not illegal in the UK to pay a cyber ransom, it is not encouraged either and depending on who gets the money you may still be breaking anti-terrorism laws!
Of course, the answer to this problem is not just ban the payments, as there will be countries that will see this as an opportunity to make money by allowing payments within their territory and banking systems. But it would be start.
This means you still need a ransomware plan.
Clive Catton MSc (Cyber Security) – by-line and other articles
