Security experts have begun the year in combative mood after a leading security vendor called on the US government to ban ransomware payments.
Noted for its work in ransomware decryption, Emsisoft revealed new analysis this week claiming that 2207 US hospitals, schools and government entities were directly impacted by ransomware in 2023.
It argued that many more had been indirectly impacted via attacks on their supply chains, while thousands more private sector businesses were also likely to have suffered.
It cited research estimating ransomware is likely to have killed about one American per month between 2016 and 2021.
Given the mounting economic and societal harm and risk to life posed by ransomware, Emsisoft argued that it's time to take drastic action - noting that law enforcement, government and industry efforts have so far had minimal impact.
The firm dismissed the notion that a ban would force payments underground, especially from critical infrastructure providers like hospitals that have no other option, and that it would encourage threat actors to target these organizations.
The vendor claimed that a ban would not have to be watertight - it only needs to stop enough payments that ransomware ceases to be profitable.
Forescout VP and Europol special advisor, Rik Ferguson, agreed that a ransomware payment ban could force organizations to focus more on improving their security posture.
Where critical services are pushed offline or lives are at risk, organizations should always have the option to pay, Ferguson concluded.
This article was published on www.infosecurity-magazine.com. Publication date: Thu, 04 Jan 2024 10:35:10 +0000