From Cybersecurity Today, April 15, 2024. This story warns against paying ransom to attackers, as doing so will only further advance their work. To stop future attacks on ourselves and on the general public at large, we need to prevent any payments to these attackers as much as possible.
Speaking of ransomware, one of the ways of crushing ransomware gangs is to take the money out of their attacks. The problem is that forbidding — or even begging — unprepared organizations not to pay a ransom isn’t working. So last week the Ransomware Task Force, a group of public and private sector experts, released a plan to reduce the need to ban ransomware payments. It will take several years, the Task Force admits. But only after all the steps in its plan have been met should governments think about prohibiting ransomware payments. Briefly, the plan says ‘Don’t institute a payment ban until organizations have cybersecurity maturity.’ Here are some of the recommended steps:
–Develop a ransomware framework to provide a national standard for ransomware preparation. The framework would be adapted for organizations of different sizes, maturity and risk profiles;
–provide financial incentives for organizations to comply with the framework;
–mandate limited baseline security measures for critical infrastructure providers including utilities, banks and hospitals;
–form an international law enforcement partnership to target ransomware gangs;
–require cryptocurrency exchanges and over-the-counter trading desks to comply with existing financial transaction tracking controls;
–create a ransomware response fund to help victim organizations recover from attacks;
–work with cyber insurers;
–and end the tax deductibility of ransomware payments.
The Task Force believes things like this could take two years to implement. Only then should governments think about banning ransomware payments.
Meanwhile, nothing stops your organization from toughening its cybersecurity defences.