The US is pressing a group of foreign governments to agree to hard policy against businesses paying into hacker ransomware, according to deputy national security advisor Anne Neuberger.
Neuberger, in interview with Bloomberg, revealed that she was “hopeful” the countries in question would agree to this policy and explained that the ransom payments being exchanged were the “root cause” of an increase in attacks.
“Ransom payments are what’s driving ransomware,” explained Neuberger, “That’s the reason we think it’s so needed.”
Neuberger’s concerns are not without reason.
US software company Netskope’s 2023 Cloud and Threat Report, published today (17 Oct), found that around $457m of ransom was paid by businesses in 2022 alone.
Writing in an industry update, GlobalData analyst Amy Larsen DeCarlo reflected on the challenges of responding to ransomware after the high-profile attack on MGM this September.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataQuoting research by cyber insurance provider Coalition, DeCarlo stated that overall ransomware incidents appear to have increased 27% from January to June 2023. Businesses worth over $100m were the worst affected, being 20% more at risk of a ransomware attack than smaller companies. The cost of ransoms, she noted, had also risen dramatically to an average of $115,000 per claim.
“If we learn anything from these incidents,” she writes, “it is how woefully underprepared organisations are to defend their assets, including precious customer data, from a breach.”
DeCarlo describes the attack on MGM as a “lesson for every board of directors” to properly implement disaster recovery processes in the event of a breach.
Pravesh Kara, Director of Security at Content+Cloud as part of Advania Group, also shares Neuberg’s concerns around paying ransoms and explained why paying a ransom may not always end an attack.
“Paying a ransom adds further fuel to the fire, inciting repeat behaviour in ransomware groups,” Kara stated and explained that, often, paying a ransom does not guarantee a ransomware group will decrypt any data or assets.