Cor blimey! How many times have our mates over at the FBI and CISA urged companies not to pay the ransom in cyber-attacks? It only eggs the hackers on to do it more, they say. But the flip side is, a total ban could drop us right in it. Just recently, on Jan 14, our UK government kicked off an open chat, cum consultation, on potential laws to reduce payouts to cyber crims while also increasing reports of such incidents.
Interestingly, across the pond in the U.S., their Department of the Treasury gets involved in the shuffle. It’s got a group called the Office of Foreign Assets Control (OFAC) which puts the squeeze on certain foreign troublemakers and their regimes, including these ransomware ne’er-do-wells. Victims who cough up without the government’s nod could be up shuckster creek.
Not just that, some American states, Florida, North Carolina, and Tennessee, to name a few, have put their foot down and blocked state bodies from paying any kind of ransom. Spot of bother is, nobody’s quite sure yet whether that’s led to fewer attacks.
Anyway, enough waffling about what the Yanks are up to. Let’s have a chinwag about our own backyard. The healthcare sector, for one, is a bit of a sticky wicket. A couple of years ago, yours truly would have said it was a fair cop if hospitals and emergency services coughed up the ransom. I mean, we’re talking about saving lives ’ere! But it turns out such a stance indirectly eggs on these unsavoury sorts even more.
I had a bit of to and fro recently with one of these cyber nogoodniks and he couldn’t resist boasting about his successes while digging into healthcare. He suggested that more often than not, they’d make a mint from American targets. Apparently, the ones that come across are pharmaceutical companies and insurers. Not exactly cricket, is it?
So, what’s to be done? In 2021, a group called the Ransomware Task Force went public with their game plan. A couple of years on, they backed it up with a Roadmap for potentially prohibiting all ransom payments. They reckon it’s about minimizing the payouts whilst putting in place milestones before we even contemplate an outright ban. Sounds proper complicated!
And let’s not forget the elephant in the room. The Yanks had a right palaver in 2024 when a company, Change Healthcare, got hit. We’re talking not getting paychecks, taking loans to stay afloat, interrupted patient care, the whole kit ’n’ caboodle.
So, it’s not a surprise when the aforementioned bad guy revealed that it’s typically the “pharmas and insurers” who buckle under the pressure. As much as I’d love to see a complete ban on ransom payments, it’s a bit of a pickle when lives are hanging in the balance.
To ban or not to ban, it’s a bit of a Hobson’s choice, ain’t it?
by Parker Bytes