Ransomware Payment Legislation: What Makes Sense and What Does Not?

In recent years, ransomware attacks have become the single most lucrative branch of cyber crime. The biggest, most dangerous and most successful threat actors and ransomware strains have generated tens of millions of dollars in 2021 so far, and they show no signs of slowing down.

In the face of this turbulent ransomware climate, ideas have been floated for a legislative framework that might ban all ransomware payments. On the surface, the reasoning behind such a ban is that large amounts of money would stop flowing into the coffers of hackers and threat actors. On paper, paying a ransom is essentially funding cyber criminals.

Of course, the issue is never that simple and things are never black and white. As the most recent high-profile ransomware attacks in the US have shown, there are instances where critical infrastructure is brought down and the entire country suffers greatly from it.

Colonial Pipeline, which paid over $4 million in ransom to get a decryption tool, was the key supplier of liquid fuel for the entire East Coast. The ransomware attack that the DarkSide group carried out against Colonial was so damaging that the affected states had to start transporting fuel to outlying regions using tanker haulers.

Banning ransomware payments will also not stop attacks completely. Additionally, if a major network that serves vital infrastructure were hit and formatting and reinstalling would take too long, such a payment ban could potentially bring entire states to their knees and put them in a state of emergency.

Graeme Newman, international cyber underwriter at a big UK insurance company that deals with cyber insurance as well, pointed out a middle-ground solution. If legislators want to stop hackers from getting millions from just about any larger company, but also want to give critical infrastructure providers a safety net, a specialized body or system of bodies would be needed. Those entities would examine each attack on a case-by-case basis and make a final decision on whether the payment is really necessary and whether refusing it would affect vital infrastructure.

Currently, there is no legal hurdle preventing a company hit by ransomware from making the payment, whether through an insurer or directly. How likely this situation is to change in the foreseeable future remains to be seen.

July 9, 2021