Ransomware: should payments be banned?


Ransomware now accounts for as much as 90% of cyber attacks. Over the last 10 years, it has grown steadily, not only in volume but also as a threat.

Ransomware is not just about encrypting data; it can also stop production systems and expose confidential data.

Regulators and lawmakers are increasingly concerned about the money being paid out to ransomware groups. Often, the ransom is used to fund further crime, and not just in cyberspace.

One option being considered is to ban ransom payments, with firms facing penalties or even prosecution if they pay. But will this actually improve security, or might it make matters worse?

One argument is that banning ransom payments cuts off a viable commercial option for firms hit by ransomware. Another is that fining organisations is punishing the victims of crimes.

Our guest this week is Ian Thornton-Trump, CISO at Cyjax. He believes that calls to ban ransom payments are misplaced: a ban gives firms fewer options when it comes to responding to an attack, and fines for paying ransoms further punish the victims of cybercrime.

Of course, the best way to avoid paying a ransom is to block the attack in the first place. And organisations can do more to close down the more basic vulnerabilities, he argues.

Interview by Stephen Pritchard.

Image by Reto Scheiwiller from Pixabay