Businesses often want to pay ransom: Fred Chagnon, principal research director at Info-Tech Research Group, noted that, from a business continuity perspective, it can make sense to pay the ransom.

“Paying the ransom can sometimes be the quickest and least damaging path to restoring operations, especially if backups are compromised or recovery is prohibitively slow. While paying may inadvertently fund further criminal activity, for a victimized organization, it often represents a pragmatic business decision to minimize downtime, financial loss, and reputational damage,” he said.

However, he added, “policies that penalize victims will inadvertently lead to underreporting of incidents, driving payments underground, and hindering intelligence gathering and law enforcement efforts. It’s also a punitive measure on victims already suffering financial loss.”

Robin Brattel, CEO of Lab 1, a data intelligence vendor, argued that there is also the issue of group compliance. The ban may ultimately work, but only if just about everyone cooperates.

“Some threat actors will test the model to see if it holds. Once one organization gives in, others may follow. The challenge is for everyone to stay unified. If that happens, there’s a chance that money-hungry threat actors will stop focusing on these victims,” Brattel said. “However, hackers and state actors won’t disappear. Initially, we could see an uptick in attacks, but there’s a chance that they may subside over time.”

“We agree with the principle [of the proposal], but the reality is very different and more complex. When a public institution is effectively under siege, with operations frozen and sensitive data held hostage, it can trigger unpredictable and desperate responses.”

Brattel added that time is never on the side of the victim. “Attackers are not working to a deadline. They can afford to wait. If they don’t receive payment, they’ll likely release the data, regardless of who it impacts: patients, students, or local residents,” Brattel said. “That kind of pressure can push even well-meaning institutions to seek unofficial or indirect ways to meet ransom demands.”

Another security specialist also doubted that the ban would ultimately make much of a dent in UK ransomware attacks.

“The government is admirable in its efforts to crack down on ransomware by trying to cut off the funding to hackers, however, these groups won’t allow themselves to be the ones held to ransom,” said Rob Jardin, chief digital officer at NymVPN. “If the best solution to the issue is to just turn around and say to the hackers ‘we’re not giving in to your demands anymore,’ don’t be surprised if they double down and try to expose more data and make a business selling it on the dark web,” he said.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4026893/uk-proposal-would-forbid-ransom-payments-by-govt-agencies-but-will-it-meaningfully-decrease-ransomware-attacks.html

