Expert opinion on rejection or payment after a ransomware attack

Ransomware attacks have shown signs of abating in recent months. Yet they still pose enough of a threat to make organizations reconsider whether a successful breach of their computers justifies paying a ransom demand in the hope that attackers won’t reveal their stolen content.

According to NCC Group Threat Pulse Report Released in May, the ransomware landscape remains turbulent despite underreported incidents since April. Industrial (34%) and consumer electronics (18%) are the first and second-most targeted sectors.

There has been a significant shakeup in the top 10 ransomware actors since April. Hunters, one of the leading bad actors, moved from eighth to second most active threat actor. It launched 61% more ransomware attacks in April than in March. RansomHub replaced RA Group in third place and saw a 42% increase in attacks in March.

The no-ransom policy, often called the “no concession” policy, is a widely debated strategy in terrorism and hostage situations. Its effectiveness continues to be argued from multiple perspectives. Cybersecurity experts apply the same reasoning when deciding whether or not to pay ransomware.

Some argue that paying ransomware warrants funding for future criminal activity. Legal considerations are also part of the decision equation. In some countries, paying ransom to terrorists is illegal. Others say similar laws are needed to help crack down on ransomware crime.

According to the US Department of the Treasury, no federal law in the US makes ransomware demands illegal. However, making such payments comes with significant legal and financial risks.

The rationale behind the “no concessions” policy is that removing financial incentives for cybercriminals can reduce the frequency and severity of ransomware attacks, according to Ann Cutler, a cybersecurity campaigner. keeper security.

“However, this approach, while laudable, presents real-world challenges for organizations,” he told TechNewsWorld.

No-pay ransomware tactics are gaining support

Cybersecurity experts and government officials have long supported the no-ransom policy because of its potential to deter criminal activity and reduce attacks, Cutler noted. Paying a ransom is risky and unreliable and does not guarantee that cybercriminals will regain access or decrypt files.

“Cybersecurity insurance companies are increasingly excluding ransomware payments from coverage, enticing organizations to invest more in proactive preventative measures,” he added.

Cutler offered Japan’s strategy as a relevant example. Nikkei Cross Tech and Japan Proofpoint The report states that Japanese companies maintain significantly lower rates of ransom payments than other countries. According to the Metropolitan Police Department’s Threats in Cyberspace report, ransomware incidents increased through 2023, but slightly decreased in the first half of 2024.

“While it is unclear whether this decrease is directly related to Japan’s lower payment rate, it suggests that reduced ransom payments may be affecting overall ransomware activity,” he explained.

Challenges to Enforcing Ransomware Payment Bans

Craig Jones, Ontineu’s vice president of security operations, acknowledged that cyber experts debate the pros and cons of banning ransom payments to combat ransomware. But it is a versatile proposition.

“While this may discourage attackers by cutting their financial incentives, such a ban is difficult to enforce, especially with the anonymity afforded by cryptocurrencies,” he told TechNewsWorld.

In critical situations, organizations may still choose to secretly pay ransoms to retrieve critical information or restore operations, reducing the effectiveness of sanctions, he added.

Jones sees a more well-rounded approach as potentially more effective. He advocates for enhancing cyber security defenses, promoting international cooperation to track and prosecute cyber criminals, and regulating the cyber insurance industry.

“This multilayered strategy addresses the root causes and consequences of ransomware without significant enforcement challenges and the potentially negative consequences of sanctions,” he argued.

“Such an approach recognizes the complexity and global nature of cyber threats, providing a balanced solution to reduce ransomware risk.”

Risks and realities of the ‘no exceptions’ ransomware policy

In theory, no payment clauses attempt to disrupt cybercrime profits by denying attackers their desired outcomes. However, implementing this strategy universally can be challenging, warns Jason Soroko, senior vice president of product. Sectigo. His company provides comprehensive Certificate Lifecycle Management (CLM) services.

“While banning ransomware payments may deter attacks over time, it puts victims, especially critical infrastructure, in a precarious position, leading to potentially serious disruptions,” he told TechNewsWorld.

Legal frameworks to ban payments need to be carefully crafted to avoid unintended consequences, he suggests. This includes forcing organizations to operate covertly or increasing casualties during active attacks.

“The balance between deterring crime and protecting essential services is delicate,” he observed.

Strengthening cyber security through employee training

Employee training and education on cybersecurity best practices is critical to protecting an organization from evolving cyber threats, says Patrick Ticket, vice president of security and architecture at Keeper Security.

“Employees are the first line of defense. Regular training sessions should emphasize the importance of caution when receiving unsolicited multi-factor authentication (MFA) prompts,” he emphasized.

This education process should focus on training staff to immediately question unexpected notifications and report any suspicious activity without delay. Simulated phishing attacks and push notification exercises can effectively help employees recognize and respond to threats, Tiquette noted.

“Building a culture where employees feel comfortable reporting potential security issues without fear of reprimand is essential to timely threat detection and response,” he said.

Tips to avoid ransomware payment dilemmas

Ngoc Bui, cyber security expert Menlo SecurityArgues that paying ransom should not be illegal anywhere. While this may encourage threat actors, not paying can be more damaging, especially for organizations involved in critical infrastructure.

“Disruption from ransomware can be catastrophic, and organizations must prioritize security programs and stakeholders. Organizations that suffer a ransomware attack should also use this as a learning opportunity to adjust their security systems, and they are using actionable intelligence to do so. To confirm that,” Bui said.

A primary strategy for avoiding the pay-or-do-no-pay question is to proactively prevent ransomware attacks. Tiquet advises companies to have a third-party contractor handle security. Start by conducting thorough background checks and security assessments to ensure contractors meet strict standards before granting access to sensitive systems.

“Once contractors are onboarded, enforcing a policy of least privilege is critical to an organization’s security,” he said.

This approach means giving them the minimum access necessary for their specific tasks and roles within the organization. Regular audits of third-party access are critical to detect any unusual or unauthorized activity early, enabling immediate action to mitigate potential risks and breaches.