Withsecure Comment: Push to ban ransomware payments seen in AUS following Latitude Financial attack

April 2023 by Tim West, Head of Threat Intelligence at Withsecure

Following today’s news of a new push to ban ransomware payments after Australia’s biggest cyberattack, on Latitude Financial, Tim West, Head of Threat Intelligence at Withsecure, comments:

“To preface my upcoming statement, I do want to say that I don’t condone the payment of ransoms and it is obviously less than ideal that ransomware payments help to facilitate the criminal industry, but legislators need to understand that there is no one-size-fits-all policy that can be suitable to all victims of ransomware. I think there are two tenets to this we should consider: the ethical and the practical implications.

The argument that there are no guarantees about recovery does not hold much water when organisations are faced with certain collapse or possible recovery. This is a different scenario entirely from a large, regulated, and segregated organisation who might perhaps wish to pay a ransom to conceal the compromise from authorities, or the public. This demonstrates that there are multiple ethical panes to the ‘should one pay a ransom’ issue.

From a practical stance, ransomware actors do fear action that they perceive will eat into their bottom line, and this is why there have been some successes with sanctioning some ransomware groups (essentially banning payments to specific entities). Many ransomware groups will try to fall ‘under the line’ that warrants a sanction and some even self-police this. To be honest I don’t know if this is a good thing or a bad thing, and whether ransomware groups will move to a war footing and employ a more aggressive stance to seek changes to the policy (i.e. target the vulnerable) is unknown. Ransomware families are demonstrably agile - and will probably fairly quickly find either a new way to monetise cyber-attacks (perhaps by turning back to targeting individuals like the trickbot of old, or as we see with cryptojacking) or find another way to evade the sanctions – perhaps through increased use of privacy coins.

In any case, in the example provided with Australia – paying or not paying a ransom has no bearing on the impact of the data that has already leaked, and I would urge legislators to de-incentivise payment and incentivise robust cyber security controls as a more effective method of deterrent. After all, unless we directly target the cause instead of the symptoms of ransomware, it is unlikely these cyber criminals will simply retire.”

