Calls made for governments to ban ransomware payments

Should governments make it illegal to pay ransomware demands? That’s the question being asked on a global scale, following a series of high-profile hacks that have impacted businesses, governments and organisations alike.

There are thought to be over a dozen highly prolific ransomware groups, hitting big businesses with incredibly lucrative demands. One of them, DarkSide, has made around $90 million in ransom payments – across 47 different victims – in just a matter of months. Among the worst-hit was Colonial Pipeline, which stumped up $4.5 million after hackers stopped it transporting fuel. What’s more, it was just a few hours between the hackers getting access and the ransom being paid.

All this has prompted renewed calls for governments to make it illegal for private companies to pay these demands. The theory is that, if faced with a potentially larger penalty from the authorities than what was demanded in the ransom, private companies won’t have a choice but to spurn the advances of their hackers. This leaves hackers impotent and therefore, the theory goes, less likely to target these businesses in the first place.

However, some analysts have claimed that such a ban would only work in an ideal world – and would be much less effective in reality than some think. For example, a huge number of businesses already pay the ransoms in secret. If they’re able to continue doing so, they may consider trying to go under the radar to get their data back and not have to involve the authorities (as well as all the negative press this would involve).

It could also have much more grizzly outcomes, as community and public affairs vice-president at Rapid 7, Jen Ellis, told the BBC.

“Banning payments would almost certainly result in a pretty horrific game of ‘chicken’, whereby criminals would shift all their focus towards organisations which are least likely to be able to deal with downtime – for example hospitals, water-treatment plants, energy providers, and schools.”

Ellis added that hackers would use the harm to society caused by such downtime to “apply the necessary pressure to ensure they get paid.” The hackers themselves have very little to lose, but potentially much to gain.

Supporters of such a ban say that one way to help make it effective would be for governments to justify their measures by providing organisations with the resources and support to withstand such attacks in the first place.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Calls made for governments to ban ransomware payments

Categories

Horsham Office: 01293 871971 | London Office: 0203 763 3919 | IT Support: 01293 876000