Thoughts: Should We Ban Ransomware Payments?

If a cyber criminal gets onto your network, one of their favourite things to do is lock you out of your own files. They do this by "encrypting" the files, so basically you can't use them until you "decrypt" them with a special digital key. And of course the criminals make you pay money to obtain this key. Backups can protect against this, but the criminals will try and impact your backups - perhaps they can stop them from running, or maybe they can encrypt the backups too.

A key consideration for Government is whether they make it illegal to pay the ransom. If we take a stance of "don't pay the kidnapper", then they don't kidnap. Well that's the theory at least. But what could be the alternate outcomes?

Criminals will know companies can't legally pay out, but their correspondence will likely be based around "keep it quiet, you don't report, and we won't notify anyone of this data breach". They'll likely act more honourably, and won't release any breached information after a ransom event, or even disclose the breach publicly.

Maybe ransomware does reduce in frequency, but no doubt the criminals will adapt, and maybe focus more on selling data on the Dark Web, or move more towards AI deepfakes to trick people.

And what happens if someone loses their business because they can't pay up? This WILL make the news, and could push ransomware payments underground even more.

Only time will tell if a strategy like this will be effective, or create other problems.

It's always better to prevent than cure however, so make sure you can restore unchanged data when / if you need to. That means doing things like:

  • Create a backup plan of what (needs to be backed up), how (will it be backed up), where (will the backups be stored), and when (will backups occur)
  • Regular backups, to different media, and different locations
  • Regularly test the restoring of your backed up data
  • Ensure your backup systems cannot be accessed. Typically they should be disconnected from networks when not in use
  • Ensure that backup login accounts cannot modify or delete backups
  • Review your backup plan regularly