Paying ransoms could soon become illegal

Ransomware is a term that’s been used more and more frequently to explain the blackmailing of companies and organisations that fall victim to secretive gangs of hackers. No one is immune, governments, the public and private sector, even hospitals, have been targeted with system denials followed up by demands for huge sums. But if we pay these ransoms, are we just adding fuel to the fire?

Ransomware gangs base themselves in countries that don’t cooperate with international law enforcement such as Russia and Iran. North Korea has even been accused of running its own ransomware divisions whose profits help to prop up the failing state.

High profile cases such as the recent U.S Colonial Pipeline paying £3.1m to ransomware hackers made international headlines. The arguments for and against paying the blackmailers is no different to any other kind of extortion. If the hackers think there is a market to exploit, then ransomware will continue. But, if organisations don’t pay, can they survive at all?

According to recent cybersecurity report attacks increased by 485% in 2020 alone. Home working during the pandemic playing its part with poorly secured remote access logins a common route in.

Experts believe that around half of ransomware demands are paid – the pressure of threat to livelihoods and business continuity outweighing the need to try and cut off the source of illegal funding to the gangs.

In the world of ransomware, there are no moral absolutes. To not pay up is a principled stance but one many can’t afford to take. Without the encryption key systems stayed locked and trying to find these can often cost more than the original ransomware demand. When Atlanta refused to pay a £36,000 ransom in 2018, it cost the city more than £1.8m to rebuild.

Some believe that companies who “allow” cybersecurity breaches through lax systems should be liable and fined for the resulting fall out. Another idea being mooted is for Governments to make paying ransoms to cybercriminals illegal.

The key message is that no business, regardless of size or sector, can afford to be complacent. To discuss cyber security protection strategies for your business, speak to a member of our team who can help to support your business needs.