Ciaran Marin, former head of cybersecurity at Britain’s National Cyber Security Centre, says ransomware ransom payments are a way to inadvertently “fund” cybercriminals and their illicit activities and should be banned in the UK.
The former head of cybersecurity at the NCSC, Britain's National Cyber Security Centre, Ciaran Marin, is proposing a bill in which it requests to prohibit the payment of ransoms by companies, businesses, and other victims of attacks of ransomwareThe former official believes that paying these ransoms is a way of inadvertently “financing” cybercriminals, giving them the financial resources necessary to continue committing their crimes and affecting more victims.
The new bill seeks to prohibit the country's insurers from covering such situations. According to review A local media outlet, Marin points out that insurance and coverage companies, which offer products and services against cyberattacks and other computer crimes, are financing cybercriminals without knowing it.
When companies fall victim to ransomware attacks, they ask insurers to cover the ransom demanded by cybercriminals to release the information and data hijacked during the attack. When insurers pay the ransom, there is no guarantee that the cybercriminals will return control of the information to the victims, nor is there any guarantee that the data will not be exposed on the Internet. In fact, it is quite common for companies to pay a ransom and never recover the hijacked information, which is why the former head of cybersecurity at the NCSC warns that this is only funding organised crime.
It may interest you: Hackers attack Telecom and demand a ransom of $7,5 million in Monero
Incentive for organized crime
In addition to funding organised crime, Marin also points out that paying ransoms for ransomware attacks will only encourage cybercriminals to continue their illicit activities. Rather than reducing the risk of these attacks, it will actually encourage the frequency and regularity with which they can occur. Ransomware attacks, according to Marin, are becoming a fad and could spiral out of control.
The authorities, who have also called for not paying the ransoms, agree with the opinion of this former NCSC official. According to several sources, Reports, the demand for payments for extortion and computer data kidnapping grew to worrying levels in 2020, and may continue to expand in 2021 if companies continue to pay the requested ransoms.
Health, government and cryptocurrencies are the most affected
Hacker and cybercriminal groups are targeting businesses and companies from various sectors, but mainly the health sector and government entities; as well as individuals. The arrival of the COVID-19 pandemic in 2020 accelerated the need for digitalization, pushing many companies towards digital transformation to ensure the provision of their services, and increasing the risk of falling victim to this type of attack.
ESET, a cybersecurity company based in Slovakia, published a report indicating that the ransomware group with the ability to steal and even mine cryptocurrencies, as the Bitcoin (BTC), Ethereum (ETH) y Monero (XMR), is also growing, posing a triple threat to the security of users and digital assets. In fact, many of these organized groups have announced publicly how lucrative it was to exploit security vulnerabilities in companies, hold their data hostage and then demand ransoms for it in 2020.
In defense against the threat of data leaks
Given the increasing frequency of these cyberattacks, Marin is calling on the UK government to ban insurers and businesses from making ransom payments for ransomware, just as it banned ransom payments for kidnapping threats.
On the other hand, although the new modality of these organized groups is to request payment of ransoms in cryptocurrencies, such as Bitcoin, the trend is decreasing due to the transparency offered by this network.
Bitcoin in favor of dismantling ransomware networks
Recently, the FBI and the United States Department of Justice (DOJ) announced the arrest of a NetWalker ransomware operator, who was seized $454.530 USD in bitcoins. The operation was successful due to the tracking of Bitcoin addresses associated with the cybercriminal, who had extorted several companies. Likewise, the security and intelligence firm blockchain, Chainalysis, published a report of a research related to the arrest of this ransomware operator by the DOJ and the FBI, in which another 345 associated bitcoin addresses were detected where the operator contained close to 27 million dollars.
The security firm notes that its effective intelligence tools helped bolster government agencies’ investigations by tracking down funds related to ransomware. Chainalysis also noted that it has tracked more than $46 million associated with NetWalker, while the figure related to ransomware attacks such as Ryuk, Maze, Doppelpaymer, Sodinokibi, and more amounts to about $350 million in 2020.
Although the ransomware trend grew in 2020, the use of bitcoins in these illicit activities is decreasing due to the potential for authorities to track transactions in this cryptocurrency, within its public, open and transparent blockchain.
ciphertra by, another cybersecurity firm, notes that cryptocurrency cybercrime is declining, while in the decentralized finance ecosystem (DeFi) appears to be growing exponentially.
Continue reading: Pay2Key's “double extortion” is a new threat to your data
