US Government Unlikely to Ban Ransomware Payments

July 29, 2021 – Article posted on Dark Reading

The US government is unlikely to make it illegal for organizations to pay ransoms to regain access to data following a ransomware incident or to keep cybercriminals from releasing sensitive data following a breach.

On July 27, Bryan Vorndran, assistant director of the FBI’s cyber division, told lawmakers on the US Senate Committee on the Judiciary that the agency does not recommend that companies pay ransoms, because paying doesn’t guarantee that a business will regain access to its data or prevent the data from ultimately being leaked. However, Vorndran also stressed that banning ransomware payments is not the way to go — companies should always have the option, he said.

Ransomware payments have become one facet of the debate over how companies and governments should handle cyberattacks, which have cost US and Western European companies billions of dollars over the past few years. 

The problem has become so bad that some insurance firms will no longer pay ransoms to bail out affected companies.

Yet even companies that take security seriously run the risk of being breached by ransomware, says Mark Lance, a ransomware negotiator and head of incident response at GuidePoint Security. Lance agrees that banning ransomware payments would be bad and likely would not prevent ransoms.

“You can have all the organizations all over the world take security seriously, and it only takes one mistake to be hit by this,” he says. “Early on there was a tendency to name and shame companies after a breach, and now we are seeing that threat has continued to expand, which is leading to companies worrying if they could be next.”
