Banning Ransomware Payments - Will It Work? 

In the light of the ever-growing ransomware threat, what would be the impact banning ransomware payments and would it help?

Throughout 2022, ransomware attacks continued to have significant impacts on organisations, with countries such as Australia observing a sharp rise in cyber attacks and damaging data breaches; this is a trend that is expected to continue.

The Australian government is now exploring options to ban companies from making ransomware payments, and it is likely given the strength of the threat, that other countries around the globe will do the same. This raises the question: what impact would this have on organisations and how can such legislation be effectively enforced?

The Impact On Organisations 

Legislation that prohibits the payment of ransoms to cyber-criminals would almost certainly lead to some positive outcomes, particularly in the short-term. The revenue obtained by ransomware groups that are targeting entities in nations that had implemented legislation to ban payments is likely to reduce dramatically in the short to medium term. Companies that may have previously opted to pay a ransom are far more likely to comply with a legal ban to avoid regulatory or law enforcement scrutiny. 

It is likely, however, that ransomware groups would shift to targeting organisations based in nations where legislation does not outlaw payments. However, despite this shift it is unlikely they would be able to earn at the current level so it would have significant financial impacts for all criminal entities involved in ransomware. 

How Can Government Enforce A Ban? 

Most ransomware payments are made in cryptocurrency via a blockchain. The difficulty and costs associated with tracing crypto assets are likely to create enforcement difficulties for both public and private enforcement bodies. 

Recently, however, several steps have been taken to regulate and crack down on illicit cryptocurrency transactions. These actions include anti-money laundering, combating the financing of terrorism (AML/CFT) rules and the seizure of illicit cryptocurrency exchanges. 

Overall, successful implementation and enforcement of a ban on ransomware payments would prove a significant challenge for governments.

Despite the advancements in regulation and law enforcement activity linked to cryptocurrency transactions, there is still a significant lack of oversight when it comes to ransomware payments. 

Reactions & Adaption By Threat Actors 

Hackers and ransomware groups continually demonstrate a capability to adapt to advancements in technology and law enforcement efforts. This observed pattern will almost certainly extend to a ban on ransomware payments. 

One of the more obvious potential pivots by ransomware groups would be to abandon the ransomware model entirely and begin to conduct attacks purely to exfiltrate data to either extort a victim or sell to the highest bidder. They may also revert to ‘direct theft’ operations where they divert payments from company accounts and payment systems. This would allow groups to continue to conduct attacks without ever deploying ransomware or asking for a ransom, bypassing any new legislation completely. 

Alternatively, ransomware groups with appropriate finances and infrastructure may simply shift targeting into geographies where legislation to ban ransomware payments does not exist.

Companies within these geographies that are not subject to regulatory scrutiny are much more likely to be attacked by ransomware groups. While the new legislation may reduce financial income for the groups, the significant reduction in transparency of their activities may indeed work in their favour as trends such as targeting and modus operandi may become harder to track for defenders and law enforcement. 

So What Does This Mean? 

It is clear that while banning ransomware payments may have an impact on the effectiveness of ransomware groups’ operations, the implementation and enforcement of the legislation would be a challenge for governments to achieve. So, although further legislation may lead to an overall reduction in attacks, monitoring and enforcement will remain the real challenge. This means that to support this, alternative methods for effectively combatting ransomware should also be considered. 

One viable solution would be the continuation of offensive action against infrastructure and networks used by ransomware operators, limiting their ability to stage and conduct attacks. Law enforcement and the judicial system should continue to take a strong stance against cybercriminals by shutting down their infrastructure and pursuing their illegal funds.

Similarly, increased regulation of cryptocurrency and cryptocurrency exchanges would help to reduce the profitability of ransomware attacks. Governments would be better able to monitor and regulate the flow of cryptocurrency, which would limit threat actor opportunities to receive and retain funds to reinvest into future attacks.

Increased information sharing and coordination between countries and businesses is also vital to stem the flow of ransomware attacks. Intelligence-sharing initiatives to identify and track ransomware groups, sharing of intelligence by victims, and joint law enforcement actions will prove pivotal in degrading the success of ransomware operations. 

While banning ransom payments would almost certainly be beneficial to some organisations that fall victim to attacks, such legal action may not be the optimal solution at this time. The proven capability and intent by threat actors to develop and adapt to law enforcement changes suggests that we would see ransomware attacks continue even if a ban were to be implemented. 

In the long term, a ban on payments may well prove to be an effective solution but only if it is implemented alongside alternative actions.

Antony Hogg is Senior Cyber Threat Intelligence Analyst at SecAlliance

You Might Also Read:

Negotiating Ransom: To Pay Or Not?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Big British High Street Retailer Attacked
The US Marshals Service Gets Hacked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

Echelon

Echelon

Echelon Company is a provider of information security services specializing in certification of security software and hardware products in Russia.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

AntemetA

AntemetA

AntemetA specializes in network infrastructure, security and cloud computing, helping companies transform their Information Systems.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

Quantexa

Quantexa

Quantexa automates millions of operational decisions, at scale, across multiple business units, including Anti-Money Laundering, Know-Your-Customer, Fraud, Credit Risk and Customer Intelligence.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

Sterling Information Technologies

Sterling Information Technologies

Sterling is an information security, operational risk consulting and advisory group. Our Advisory services help to safeguard information assets while supporting business operations.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.