A recent article on ZDNET discussed the potential impact of the Ransom Disclosure Act proposed by Senator Elizabeth Warren and Representative Deborah Ross in the US.
In essence, the proposal is to require certain entities to disclose to the Secretary of Homeland Security the details of any ransom payment made. It is the latest in a series of new regulations and proposals aimed at improving the cybersecurity stance of the US.
The aim of the bill is to provide DHS with better information about ransomware attacks to help counter the threat they pose to businesses and other organisations across the United States.
“Ransomware attacks are skyrocketing, yet we lack critical data to go after cyber criminals,” said Senator Warren. “My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cyber criminals are siphoning from American entities to finance criminal enterprises – and help us go after them.”
The threat of ransomware has loomed large throughout this year, and several incidents have had a direct impact on people's daily lives. The Colonial Pipeline ransomware attack led to fuel shortages across the southeastern United States as people rushed to stockpile; the company paid the attackers millions of dollars to obtain a decryption tool.
Meat processor JBS USA paid an $11 million ransom to cyber criminals after falling victim to a ransomware attack in June. While the FBI discourages the payment of ransoms, many victims feel the need to make the payment, perceiving it as the quickest way to get the network up and running again.
Information about the perpetrators of ransomware may go some way to protecting organisations in the future, but it will have limited impact in the short run. Cybercriminals have become accomplished at selecting their targets: a victim needs to be big enough to afford a ransom in the millions and, just as importantly, needs to be dependent upon business continuity. Businesses pay ransoms not because they want to minimise inconvenience (at least not directly) but because the cost of the business disruption far outweighs the cost of the ransom. If a business is losing millions in revenue every day its systems are down, the people holding it to ransom are in a strong position.
If we really want to make a difference, we need to think differently. Stop reacting and start being more proactive.
Since the turn of the century, accessibility and usability have been the key influences on infrastructure design: ubiquitous connectivity, collaborate-anywhere working, cloud access, edge computing. While all of these contribute to an excellent user experience, each of them also expands the attack surface. If we are to combat the rising tide of malware and cybercrime we need to think about security first. The secure infrastructure of tomorrow needs to be built upon a zero trust model and combine the best of prevention and protection technologies. That means proactive malware protection that does not depend on the prior disclosure of a threat or on the presence of a recognisable signature. It also means authenticated encryption for data in transit, so that network traffic is protected not just for confidentiality but for integrity and authenticity as well: the receiver must be able to tell that the data was not altered on the way and that it came from a holder of the key, and must reject it otherwise.
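The difference between "encrypted" and "authenticated encryption" is easy to state and easy to get wrong, so here is a short added illustration of the point above. It is not code from the original article; it uses only the Go standard library, AES-256-GCM as the authenticated mode and AES-CTR as the unauthenticated one, and a constructed sample message and header. Under plain CTR an on-path attacker who flips one ciphertext bit flips exactly the same plaintext bit and nobody notices; under GCM the same flip, or a change to the authenticated header, is rejected before any plaintext is released.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealGCM encrypts and authenticates plaintext with AES-256-GCM and also
// binds the unencrypted header as associated data. The 12-byte random
// nonce is prepended to the output; it must never repeat under one key.
func sealGCM(key, header, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, header), nil
}

// openGCM verifies the tag over header and ciphertext before returning any
// plaintext; a single flipped bit anywhere yields an error, not bad data.
func openGCM(key, header, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, header)
}

// ctrXOR is unauthenticated AES-CTR. It hides the plaintext but checks
// nothing: the same call encrypts and decrypts, so flipping a ciphertext
// bit flips the corresponding plaintext bit and is never detected.
func ctrXOR(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// flipBit returns a copy of buf with the low bit of byte i toggled, the
// kind of change an on-path attacker can make without knowing the key.
func flipBit(buf []byte, i int) []byte {
	out := append([]byte(nil), buf...)
	out[i] ^= 0x01
	return out
}

func main() {
	key := make([]byte, 32)
	rand.Read(key)
	header := []byte("msg-id=42") // constructed sample: sent in clear, but authenticated
	msg := []byte("pay=0")        // constructed sample plaintext

	// Unauthenticated CTR: flipping the last ciphertext byte turns "pay=0" into "pay=1".
	iv := make([]byte, aes.BlockSize)
	rand.Read(iv)
	ct, _ := ctrXOR(key, iv, msg)
	pt, _ := ctrXOR(key, iv, flipBit(ct, len(ct)-1))
	fmt.Printf("CTR after tamper: %q (accepted silently, unchanged=%v)\n", pt, bytes.Equal(pt, msg))

	// AES-GCM: the same flip, or an altered header, is rejected outright.
	sealed, _ := sealGCM(key, header, msg)
	if _, err := openGCM(key, header, flipBit(sealed, len(sealed)-1)); err != nil {
		fmt.Println("GCM after tamper:", err)
	}
	if _, err := openGCM(key, []byte("msg-id=43"), sealed); err != nil {
		fmt.Println("GCM with altered header:", err)
	}
	if pt, err := openGCM(key, header, sealed); err == nil {
		fmt.Printf("GCM untampered: %q\n", pt)
	}
}
```

Two design points worth noting: the header goes in as associated data so that metadata a middlebox needs to read (a message id, a route) is still covered by the tag, and the receiver treats a failed `Open` as a hard error rather than logging it and carrying on, since the only safe thing to do with data that fails authentication is to drop it.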
Trust nothing. Encrypt everything.