In recent years, there has been a surge in reports of both public and private businesses making ransom payments to hackers responsible for deploying malware, particularly ransomware. However, there are some lesser-known facts that could be of interest to those curious about the outcomes following these payments.

According to a recent survey by Hiscox Group, a Bermuda-based insurance provider, a shockingly low 7% of victims who pay ransomware demands successfully retrieve their data from encryption. The majority of victims either lose significant portions of their data or are forced to rely on backups for recovery.

This trend arises from the fact that many cybercriminals do not honor their agreements after receiving ransom payments. As a result, ransomware actors are increasingly reluctant to reestablish access for victims, fearing that further interaction could bring them under the scrutiny of law enforcement.

Hiscox is widely known for its niche insurance offerings, including coverage for classic cars, kidnap and ransom, and personal accidents, in addition to the typical insurance products available from other providers.

Cybersecurity researchers argue that businesses are often coerced into meeting hackers’ ransom demands in an effort to minimize operational downtime, protect their reputations, and mitigate potential risks. Unfortunately, this approach inadvertently emboldens cybercriminals, giving them greater leverage to continue their attacks and spread ransomware to other entities.

This situation has led some experts to suggest that insurance companies should revise their policies. Specifically, they advocate for a clause that prohibits paying ransom demands. Instead, victims should be required to report these attacks to authorities. Such a policy could contribute to a more effective crackdown on ransomware operations, limiting their expansion and reducing the threat to other organizations across various industries.

In a related update, the Synnovis ransomware attack, which targeted a pathology technology provider serving the National Health Service (NHS) in London, highlights the severe consequences of these types of cyberattacks. The malware infection caused significant disruption, leading to the postponement of over 10,000 appointments related to acute outpatient care. Additionally, 1,700 elective procedures at King’s College Hospital NHS Foundation Trust and Guy’s & St Thomas NHS Foundation Trust were delayed.

The fallout from the attack included direct harm to patients, with two reported cases of severe harm, five cases of moderate harm, and 114 instances of low harm. This incident serves as a stark reminder of the potential for ransomware to not only disrupt operations but also endanger lives, underscoring the urgent need for enhanced cybersecurity measures and coordinated responses to such attacks.

The post Only 7 percent of organizations recover data after paying a ransom in malware attacks appeared first on Cybersecurity Insiders.

The United Kingdom is poised to implement a significant shift in its approach to tackling ransomware attacks, with a formal ban on ransomware payments set to be enforced. This ban will apply specifically to public and critical infrastructure sectors, which include essential services such as education, transportation, hospitals (including the NHS), and financial institutions like banks. On January 14th, 2025, the Home Office released a consultation white paper outlining this forthcoming policy change, which is expected to be formalized into an executive order in the near future.

The UK’s decision to introduce a ransomware payment ban follows in the footsteps of the United States, which has already taken steps to discourage businesses and public sector organizations from paying ransoms in exchange for decryption keys. The rationale behind this policy is to weaken the financial incentives for cybercriminals, thereby reducing the frequency of these devastating attacks that have caused significant disruptions across industries globally.

In addition to the payment ban, the proposal includes a mandatory requirement for businesses and organizations that experience ransomware attacks to report these incidents to law enforcement agencies within three working days. Failing to comply with this reporting requirement could lead to legal penalties and other repercussions. This measure is designed to ensure that attacks are swiftly addressed and that law enforcement can gather critical intelligence to track and dismantle ransomware operations.

The National Crime Agency (NCA), in partnership with the National Cyber Security Centre (NCSC), has already begun efforts to raise awareness about the new policy and its implications. These agencies will also encourage victims to share valuable intelligence with authorities, as timely reporting can help prevent further attacks. Proactively sharing information can also alert other vulnerable organizations, allowing them to bolster their defenses before becoming victims themselves.

One notable example of the success of such collaborative efforts is Operation Cronos, which led to the dismantling of the LockBit ransomware group’s IT infrastructure. This operation was made possible through a coordinated effort between Europol, the FBI, and Interpol, demonstrating the importance of intelligence-sharing across borders to combat the global nature of ransomware threats.

While the ransomware payment ban could prove beneficial in discouraging cybercriminals, there are concerns that it could also have unintended consequences for the victims of these attacks. In some cases, businesses could face irreversible damage, including permanent closure or severe financial losses. Such outcomes may create challenges for the affected organizations, which could struggle to recover without the option to negotiate a ransom.

The debate around combating ransomware has also led to discussions about the potential for banning cryptocurrency payments, as these digital currencies are often used to facilitate ransom transactions. Countries such as Australia, Canada, New Zealand, and the UK have explored this idea, but implementing such a ban faces significant obstacles. Cryptocurrency transactions, particularly those based on blockchain technology, are notoriously difficult to trace and monitor, which makes enforcement challenging.

Despite these challenges, the UK’s proposed ransomware payment ban represents a bold step in the ongoing fight against cybercrime. If successful, it could serve as a model for other nations grappling with the growing threat of ransomware attacks. The hope is that this policy will yield positive results, curbing the frequency and impact of ransomware incidents and helping law enforcement agencies to dismantle criminal operations more effectively. As the NCA and NCSC continue their efforts to inform the public, the UK will be watching closely to see how this new approach unfolds in the coming months.

The post UK to follow America in imposing a ransomware payment ban appeared first on Cybersecurity Insiders.

During the Central Banking Summer Meetings 2024 in London, a group of security analysts explored the contentious issue of ransomware payments. They suggested that, in many cases, paying off hackers who spread ransomware may indeed yield results, given the alarming frequency of attacks involving data theft. This stolen information often ends up either leaked online or sold for profit.

Advocates for banning ransom payments should consider the limitations of law enforcement in such scenarios. Retrieving hacked and stolen data poses significant challenges, as there’s no foolproof method to reclaim data from cybercriminals who may have stored it across various IT infrastructures, both on-premise and geographically dispersed.

Initially, Ciaran Martin, head of Britain’s NCSC, supported the cessation of ransom payments. However, by March 2023, the head of GCHQ’s cyber arm concluded that this strategy didn’t effectively halt the proliferation of file-encrypting malware, raising doubts about its efficacy.

Nevertheless, it’s essential to recognize that there are avenues for addressing this issue. While paying a ransom may incentivize criminal behavior and doesn’t guarantee decryption, relying on robust data backups can mitigate financial losses, except in cases involving double extortion tactics.

Sharing insights into the nature and consequences of attacks can empower other organizations to implement proactive measures to combat similar threats.

Additionally, investing in comprehensive cyber insurance policies that cover various costs incurred during and after an attack emerges as a prudent strategy in navigating these increasingly prevalent cyber threats.

The post Ransomware payments work in some cases say experts appeared first on Cybersecurity Insiders.

In the year 2023 alone, hackers behind the rampant spread of ransomware amassed a staggering $1 billion in ransom payments, as disclosed by a comprehensive study conducted by blockchain research firm Chainalysis. This alarming figure, equivalent to the annual budget of several small Asian nations, marks a significant spike compared to previous years, doubling from $500 million in 2022. Experts warn that if law enforcement agencies and governments fail to implement effective measures, this amount could triple or even quadruple by 2026, as the proliferation of file-encrypting malware continues unabated with increasingly sophisticated tactics.

Chainalysis’s Crypto Crime Report 2024 highlighted a notable surge in ransomware payments following the 2023 MOVEit data breach, which saw major multinational corporations such as the BBC and British Airways fall victim to the Clop ransomware gang, believed to be backed by actors in Russia. According to insights shared by Recorded Future, a substantial portion of the payments can be attributed to the 639 officially reported ransomware victims, with half of them falling prey to cyber-attacks exploiting vulnerabilities in the MOVEit file transfer software.

The pressing question arises: Can banning crypto payments mitigate the ransomware epidemic? While imposing a ban could potentially restrict the flow of funds to criminal enterprises, the nature of cryptocurrency, being decentralized and largely untraceable, renders it difficult for governments to enforce such measures universally.

Instead, organizations are advised to prioritize robust data backup and application recovery systems to minimize downtime in the event of an attack. Furthermore, in cases of double and triple extortion ransomware tactics, prompt reporting to law enforcement becomes crucial, in the hope of apprehending the perpetrators before they can leverage their infrastructure, and of ensuring the permanent deletion of stolen data from their servers.

The post Ransomware payments reached $1 billion in 2023 appeared first on Cybersecurity Insiders.

When a server falls victim to a ransomware infection, the urgency to regain access to critical data often leads to a difficult decision: paying the hackers’ demands. However, the reliability of ransomware criminals in conducting their “business” is far from guaranteed.

Are Ransomware Payments Legal?

First and foremost, it’s essential to understand that paying a ransom to cyber-criminals is generally considered illegal. In the United States, for instance, the International Emergency Economic Powers Act (IEEPA) can subject victims to government notices and legal consequences for making such payments. Moreover, many Western and Asian countries also deem digital currency payments for ransom as illegal.

The Alternative: Refusing to Pay

Opting not to pay the ransom is a risky but legal choice. If an organization has a robust backup system in place, it can often rely on these backups for data recovery. However, the effectiveness of this approach hinges on the speed of the recovery process, which directly impacts downtime.

Calculating the Cost of Data Recovery

The cost of data recovery after a ransomware infection is a primary concern for CIOs and CTOs. Using backup data is typically a cost-efficient method, but its success depends on the quality and speed of data recovery software. Alternatively, if an organization decides to pay the ransom, it must consider various expenses, including acquiring cryptocurrency, seeking assistance from forensic experts for ransom negotiation, and evaluating the consequences of giving in to the hackers’ demands.

The FBI’s Perspective

The Federal Bureau of Investigation (FBI) has taken a strong stance against ransomware payments. In November 2019, the FBI warned that paying a ransom doesn’t guarantee a decryption key. Even if a key is provided, there’s a high risk it may not work. Another concern is that paying the ransom can attract further attacks from the same cyber-criminals, especially if the underlying vulnerabilities that allowed the initial infiltration aren’t addressed.

When Backup Is Not an Option

In cases where viable backups are unavailable, victims should consider involving law enforcement agencies and following their guidance. It’s crucial to act cautiously, as making a ransomware payment ultimately fuels the underground economy of cyber-criminals.

Conclusion

In summary, dealing with ransomware is a complex and legally fraught endeavor. Organizations facing this threat must carefully weigh the risks and legal implications of making payments against the potential consequences of refusing to comply with hackers’ demands. Collaboration with law enforcement and cybersecurity experts is advisable when navigating this treacherous landscape.

The post Considerations to be made when dealing with Ransomware Payments appeared first on Cybersecurity Insiders.

Millions of dollars have been stolen from healthcare companies after fraudsters gained access to customer accounts and redirected payments. In a newly-published advisory directed at the healthcare payment industry, the FBI warns that cybercriminals are using a cocktail of publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to […]

The post FBI warns of criminals attacking healthcare payment processors appeared first on The State of Security.

Ransomware has matured significantly over the previous decade or so. Initially thought to be a relatively basic virus that could be contained on a floppy disk, it can now damage global business infrastructures, stop healthcare systems dead in their tracks, mess with fuel supply networks, and disrupt transportation infrastructure. Its simplicity is what makes it […]

The post Are Protection Payments the Future of Ransomware? How Businesses Can Protect Themselves appeared first on The State of Security.