Multiple US agencies, including CISA, the NSA, and the FBI, have issued warnings against paying ransomware scammers. However, they’re strongly against banning ransomware payments.
A ransomware scam is when a hacker encrypts your private data and threatens to leak it unless a demand is met. Ransomware scammers have become more vicious and more numerous over the past several years, leading federal organizations to warn the public about what to do when you’re the target of one.
Recently, the topic of banning companies from paying ransoms in ransomware attacks came up in Oxford.
“I think within our system in the U.S. — just from a practical perspective — I don’t see it happening,” Jen Easterly, Director of CISA, stated in response.
Many organizations have discussed the topic, including the Ransomware Task Force for the Institute for Security and Technology, which believes that banning ransomware payments only makes things harder for victims of ransomware attacks.
They believe that a ban would be particularly harmful to small businesses that may not be able to survive lengthy pauses in their operations. Many small business owners have to pay the ransom to keep their doors open, and banning payments only forces them to close down.
It’s also argued that a ban on paying the ransom is a firm indication to criminals that the country has no means of fighting back against scammers. The root of the problem isn’t people paying the criminals, but rather the lack of adequate cybersecurity protection.
“I do think we’ve made a difference, but I don’t think we’re going to make ransomware a shocking anomaly without successful implementation of a Secure-by-Design campaign,” Easterly states. “We cannot expect businesses that don’t have huge security teams to be able to secure that infrastructure unless that technology comes to them with dramatically reduced numbers of vulnerabilities.”
While the US is continuing to seek ways to combat ransomware scammers, for now, banning payments will not happen.