
The government’s ransomware payment ban: what are the wider implications?


The UK government’s recently announced ban on public sector ransomware payments has received mixed reactions from industry.

With the aim of removing the financial incentives that fuel ransomware attacks and making public sector bodies and critical national infrastructure less attractive targets, the policy marks a significant step in the fight against cybercrime.

But the introduction of this new policy has not come without criticism. While supporters acknowledge that ransom payments reward criminals and fund more crime, others warn that it could lead to negative consequences such as promoting a secondary black market or impacting ransomware reporting.

Cybersecurity is a complex web with no straightforward solution. While it’s positive to see new ideas being explored, industry experts and policy makers must act with caution and consider all possible consequences before implementing measures to address security risks.

Loopholes in the ban

The legislation seeks to prohibit payments from public sector bodies, but organizations may seek out ways around the restrictions to enable the recovery of their services, minimize the financial impact of an attack, or even ensure that their customers' data is not leaked to the world.

One potential loophole is the use of overseas bank accounts or third-party intermediaries to facilitate payments without direct involvement. If I were a firm with offices in the UK and Germany, what’s to stop me using my German entity to pay? Or using a third party that I pay back for ‘security services rendered’? Loopholes will be found that businesses can exploit, meaning the ransomware ban will lose its effectiveness and essentially create an uneven playing field for organizations.

The dilemma of payment

Ransomware already presents an ethical dilemma for Chief Information Security Officers (CISOs). None want to pay, recognising that payment perpetuates the cycle of cyber attacks; however, many are hesitant to sign a blanket non-payment policy, fearing that in extreme circumstances they may need to break it to ensure the survival of their organization.

This ban will amplify that dilemma for CISOs and business leaders.

For organizations facing ransomware attacks, the reality is grim: pay the ransom and recover access to critical systems or refuse and risk prolonged service outages and uncontrolled data spills.

Will the government step in to support businesses that suffer from prolonged disruptions? What if they face a stark choice between payment and business survival? And if an organization is responsible for providing life-saving or critical public services, does the government bear some responsibility for ensuring operational continuity?

These are critical questions that remain unanswered.

CISOs may be hesitant to sign a blanket non-payment policy, fearing that in extreme circumstances, they may need to break it to protect their organization. A rigid stance against payment may be ideal in theory, but in practice, businesses need flexibility to respond to complex and evolving cyber threats.

Impact on intelligence gathering

Another significant concern is the impact on information sharing. If businesses are legally stopped from making ransomware payments, they may choose to mislabel such attacks or avoid reporting ransomware incidents altogether to avoid scrutiny or potential penalties. This would enable them to have more flexibility in their response.

This could have severe consequences for cybersecurity intelligence. Reduced reporting means a lack of visibility into attack patterns, techniques, and emerging threats – this could inadvertently benefit cybercriminals in the long run.

Bypassing the ban does not come without risk, however. Secretly paying a ransom could drive the emergence of a secondary blackmail market, where attackers threaten to expose victims who choose to pay in secret.

Organizations may find themselves not only negotiating with cybercriminals for data access but also facing extortion threats over the payment itself. This added layer of complexity could lead firms into worse financial situations, all in their attempts to restore their service in the most effective manner.

A roadmap forward

A rigid stance against payment may be ideal in theory, but in practice businesses will demand the flexibility to respond to complex and evolving cyber threats as they see fit, so that they can manage the risks and issues that follow a cyber attack, such as service restoration and data privacy.

It’s evident that firms should be strongly dissuaded from paying ransomware demands; however, what businesses really need is flexibility. As such, perhaps the government could embrace a model that permits a controlled path for payment in exceptional circumstances.

Firstly, mandatory reporting of ransomware attacks to a suitable authority should be enforced, regardless of whether a payment is made. This would ensure comprehensive tracking and analysis of ransomware incidents, contributing to a more robust understanding of the threat landscape.

If a firm wished to pay a ransom, this could be permitted, but only with the express approval of the UK government or the National Cyber Security Centre (NCSC). This would keep track of the payments and provide oversight of repeat victims who would benefit from resilience improvements.

Businesses should also be required to provide staff with proper training and education around cyber-attacks, ensuring they are ready to react appropriately if an attack occurs.

A measured response is needed

While the government's ban on ransomware payments aims to reduce the financial incentives behind cyberattacks, it also presents several critical issues. Payment dilemmas and impacts on intelligence gathering, for example, must be addressed.

A collaborative effort between businesses and the government, with mandatory reporting, flexible payment options and required training, is needed. By providing the necessary tools, support and a clear protocol for reporting and response, organizations can better navigate the complexities of ransomware attacks.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
