Top officials again push back on ransom payment ban

The Institute for Security and Technology's Ransomware Task Force threw cold water on the need for a ransomware payment ban in a report released Wednesday.
Most of the RTF's recommendations are already in place, under development or at least partially underway.
All but one of the proposals were originally shared in a report the group released in September 2021.
Of the RTF's 16 proposals, more than half are already done or in the works.
Two of the primary efforts RTF is calling for were completed or advanced in the last couple of years.
Publicly traded companies must now report material cyber incidents and disclose cyber governance and risk management strategies to the Securities and Exchange Commission.
The Cybersecurity and Infrastructure Security Agency's proposed rule for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 will compel upwards of 316,000 U.S. critical infrastructure owners, operators and suppliers to quickly divulge cyberattacks and ransom payments.
Organizations are already prohibited from making ransom payments to individuals or entities sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control.
Debates and policy discussions aimed at curtailing ransomware activity have shifted over the past 18 months as ample evidence emerges that current efforts to deter ransomware aren't working.
Ransomware victims in the U.S. paid $1.5 billion in ransoms between May 2022 and June 2023, a senior administration official said in November.
Almost 5,200 organizations were hit by ransomware attacks in 2023, according to Rapid7.
The Biden administration decided against an outright ban on ransom payments in September 2022, but White House officials revived the potential policy change in mid-2023 through the International Counter Ransomware Initiative.
Brett Callow, threat analyst at Emsisoft, who kicked off the year calling for a complete ban on ransom payments, remains a stalwart proponent of the measure.
The RTF contends ransomware attacks haven't decreased in states, such as Florida and North Carolina, that previously introduced such bans, but Callow disagrees with that argument because it's limited in scope.
Instead of introducing a strict extortion payment ban on organizations hit by ransomware attacks, the RTF is calling for resolve and a commitment to redouble efforts already underway.
The group is helmed by eight co-chairs, including former cyber authorities such as Kemba Walden, who served as acting national cyber director throughout most of 2023 and is now president of Paladin Global Institute.


This Cyber News was published on www.cybersecuritydive.com. Publication date: Tue, 16 Apr 2024 19:58:03 +0000

