Emsisoft [1] [2] [3] [4] [5] [6] [7], a leading cybersecurity firm, has called for a ban on ransomware payments in the United States. They argue that paying ransoms only encourages more attacks and drives up costs.


According to Emsisoft’s analysis [3], the US experienced over 300 ransomware attacks in 2023 [6], impacting hospitals, schools [1] [2] [6] [7], government bodies [2] [6] [7], and private-sector businesses [1]. These attacks directly affected 2207 entities and had indirect effects on supply chains. The average ransomware payment in 2023 reached $1.5 million [4], a significant increase from $5000 in 2018 [4]. Emsisoft believes that current strategies to combat ransomware have been ineffective, as private enterprises continue to contribute to the income of cyber gangs. They predict that a ban on payments would disrupt the flow of capital and make ransomware less profitable [4] [5], forcing cyber gangs to resort to less impactful methods of attack [4]. Additionally, Emsisoft estimates that ransomware has caused significant economic and societal harm [7], even resulting in the death of one American per month between 2016 and 2021 [7]. This growing threat has led Emsisoft to advocate for a complete ban on ransom payments as the only viable solution to the ransomware problem.

Emsisoft also questions the factors that have led to a rapid increase in ransom demands and speculates that cyber insurance [5], particularly policies with ransomware protection [5], may have contributed to the rise in attacks and revenue for cyber gangs [5]. They argue that current anti-ransomware strategies are ineffective and that a ban on payments is the only solution to discourage attacks [4] [5]. While a ban would not eliminate all ransom payments [5], its main goal would be to disrupt the flow of capital and make ransomware less profitable [4] [5]. Emsisoft predicts that cyber gangs would then turn to alternative methods that have less impact on companies and organizations [5]. Allan Liska [2], a Threat Intelligence Analyst at cybersecurity firm Recorded Future [2], supports the idea of a ban on ransom payments, stating that it may lead to a short-term increase in attacks but is the only solution with a chance of long-term success [2].


The impact of ransomware attacks on the US is significant, with numerous entities directly affected and many more indirectly impacted through supply chain attacks. The average ransomware payment has skyrocketed, causing financial strain. Emsisoft argues that a ban on payments would disrupt the flow of capital and make ransomware less profitable, forcing cyber gangs to seek alternative, less impactful methods [4]. While a ban may lead to a short-term increase in attacks [2], it is seen as the only solution with a chance of long-term success [2]. Mitigating the harm caused by ransomware is crucial for the economic and societal well-being of the US, making a ban on payments a necessary step in combating this growing threat.


