Disrupting the Ransomware Industry

Threat Intelligence • Jun 14, 2021

I recently read a blog post by Matthew Rosenquist titled “Paying Ransomware Should be Illegal”. Long story short, the concept is that if paying the ransom is made illegal with significant penalties (with even jail time being suggested), then the revenue streams for ransomware would be significantly impacted, which would reduce the number of threat actors and active ransomware campaigns.

Are illegal ransomware payments a feasible idea?

Making ransomware payments illegal is certainly an interesting idea, but is it feasible? Let’s step through our experience with organizations of different sizes.

Our Experience with Ransomware Industry and Extortion

On a weekly basis our team performs Rapid Response to help breached organizations that have fallen victim to major ransomware and/or extortion campaigns get their business back up and running quickly.


Mature Enterprises and Government Departments


In nearly all cases where there are multi-million dollar ransoms, we have found that if the organization is large enough to afford a multi-million dollar ransom, then it already has a Business Continuity Plan, a Disaster Recovery Plan and a solid backup and recovery solution in place, with which around 97% of systems and data can be restored. In this case, there is no need to even consider paying a ransom. This makes the concept of deeming ransomware payments illegal sound feasible.


Immature Startups and SMBs


The problem arises with smaller companies that have limited security or backups, where their entire business and their family life (losing their sole income to pay their house repayments, petrol, kids’ schooling, food, clothes, etc.) is being held to ransom with no other option than to pay.
Looking at it through a personal lens, where people will lose their house if they don’t pay a $700 ransom, it’s not feasible to expect them not to pay. This is likely to force them to pay in an “underground manner” to avoid detection whilst getting their business and life back on track.
In this case, the only feasible option for these businesses is to pay the ransom. This suddenly puts a question mark over making ransomware payments illegal, or at least makes it a more complex proposition.


Immature Enterprises and Government Departments


Now here is where we get to a really interesting situation: large organizations that have limited security and no backups.
This is the major concern that we are really talking about, since these organizations are forced into paying multi-million dollar ransomware payments to keep their business alive and keep hundreds or thousands of staff employed.
In industries like Critical Infrastructure, this can have major effects on the wider community or even the country. This was seen with the US pipeline being affected, as well as the JBS meat processing and distribution, both of which affected multiple countries.
These multi-million dollar ransomware payments inject a significant amount of revenue into the ransomware campaign, which funds the next round of campaigns and scales up the attacks even further, with a knock-on effect on hundreds of other businesses.
In this case, we have a conflicting situation where we need to recover the large organization but we are also funding future attacks.
So what is the greater good?


Negligence and Ransomware Payment Fines


Unfortunately, and apologies if this offends some readers in the above situation, an enterprise operating without sufficient security or backups can be classified as negligent. Don’t get me wrong, I understand the challenges and I am sympathetic to your situation.


When we start throwing around the term “negligence” then we start talking about breaching criminal laws. This opens up the option of introducing major fines if you make a ransomware payment. Let’s say for argument’s sake that the fine is 3 times the ransomware payment. What this does is significantly increase the cost of paying the ransom and act as a significant deterrent. This is also an automatic sliding scale: SMBs don’t go under but are likely to then invest in security moving forward, while major enterprise breaches that provide significant funding to ransomware gangs are hit harder, so those enterprises are deterred from paying the ransom.

Conclusion

This approach could have multiple effects. It may reduce the number of large ransoms being paid in the region, which then redirects ransomware attacks elsewhere. It may also encourage large organizations to invest in their security and backup strategies to prevent the breaches from occurring.
On top of this, it introduces a nice revenue stream for Governments that would encourage the adoption of the approach on a wider scale.

Our Rapid Incident Response Approach

Our specialist security team executes Rapid Incident Response that is up and running in less than an hour. This is achieved by using our Evolve Security Automation Cloud to orchestrate the following automated security capabilities in minutes:
  • 13 minutes – Automated SIEM with EDR Orchestration
  • 10 minutes – Automated External and Internal Penetration Testing
  • 3 minutes – Automated Compromised Account Monitoring
  • 10 minutes – Automated Incident Response
  • Automated Evidence Collection, Analysis and Response
  • 8 minutes – Automated DNS Sinkhole with Cyber Threat Intelligence

This approach provides immediate fine-grained visibility into malicious activity, leaked passwords, exploitable systems, breached systems and backdoor communications. At the same time, this approach enhances your organization’s security posture to prevent a second attack from being successful whilst also allowing for ongoing security assurance over your systems, your data and your business.
You also gain the added benefit of augmenting your team with our security specialists to ensure that you have a strong security strategy and effective controls moving forward.
Register a free Evolve account to start your security automation journey.