Can a global ban on payments stop the ransomware plague?


In a decisive move, a new coalition of nations is clamping down on the ransomware epidemic by pledging to stop payments to cybercriminals. Led by the United States, the International Counter Ransomware Initiative represents an alliance of 40 countries that last month agreed to collectively refuse the demands of ransomware attackers, arguing that by resisting ransom demands, bad actors’ revenue streams will dry up and the global spate of attacks will diminish.

With ransomware still a burgeoning enterprise, it’s an important step in the right direction. That said, initiatives like these never serve as a silver bullet in and of themselves. They require resources, action, and accountability on behalf of all state and local governments involved to drive enforcement and resilience at scale. In addition, businesses need to ensure they’re doing their part to proactively shore up their security posture against rising threats. Here’s what all this looks like in action.

How a payment ban could hit ransomware gangs where it hurts

Most ransomware attacks today are the work of opportunist criminal gangs, out to make an easy profit. Ransomware has become especially popular in recent years because it’s such a reliable revenue stream, especially as the software supply chain grows increasingly interconnected, making widespread attacks even easier to carry out and more profitable. Additionally, the advent of AI makes it simpler for anyone to profit from “ransomware as a service” operations.

When organisations are hit, they’re often willing to cough up cash to continue operations, making “double extortion” attacks, or the opportunity to hit and extort from a single organisation more than once, increasingly commonplace. While we’ve seen some countries consider implementing ransomware bans in the past (the US federal government, for example, has a long-standing policy on refusing ransom payments), this is the first time we’re seeing talks of any legislation or commitment against ransomware on a more global scale.

Gary Barlet

Field CTO, Federal at Illumio.

What are the major challenges in implementing an international ban?

Instituting an international ban on ransom payments will be much easier said than done. For starters, it will require an immense amount of international collaboration. We’ll need to see more consistent and standardized processes across different regions in terms of how attacks are reported and to which authorities. It will also require more resources earmarked for advancing national cybersecurity efforts and continuous, rigorous monitoring on behalf of federal governments to ensure organizations operating within their jurisdiction are complying with the ban.

Just as the UK has seen with mandates like those on waste disposal and clean air bills, there will always be agencies and organizations that try to skirt the law out of sheer convenience. It’ll come down to enforcement, among and across borders, if we want to see any real or lasting impact.

Ban or not, organizations have to focus on owned resilience

The global initiative against ransom payments is an encouraging development, but in the meantime, organisations need to take security into their own hands. Even if the ban is implemented, it’s going to be some time before it takes effect, and cybercriminals aren’t slowing down.

To fight ransomware, organizations have to have a robust cyber strategy in place that prioritizes resilience, mitigation, and containment. There is still a tendency for enterprises to put all their efforts into solutions aimed at preventing ransomware attacks from occurring and few efforts aimed at limiting their impact. We know that attacks and breaches are inevitable – even with the most robust defenses in place.

As ransomware becomes even more widespread, organizations need to take an “assume breach” approach to their cybersecurity. That is to say: Assume an attack will eventually break through perimeter defenses, and plan for that eventuality.

Strengthening ransomware defenses with Zero Trust Segmentation

In accordance with assuming breach, organizations must shift their focus from solely preventing attacks to containing them. One of the best ways to contain attacks is with technologies that adhere to the Zero Trust framework – a model founded on “never trust, always verify” – like Zero Trust Segmentation (ZTS) or microsegmentation.

Essentially, ZTS leverages Zero Trust principles to section applications into separate, sealed areas. Because authentication is required and access is restricted between sections, this robs ransomware attacks of their momentum and notoriously widespread impact. Instead of tearing through the enterprise, they are contained at the point of entry.

If organizations can apply technologies like ZTS across environments and assets, from endpoints to the cloud, they can effectively create a more resilient enterprise that puts them in a better place to weather the effects of a ransomware attack and better detect and report attacks as they occur. This also enables organizations to better comply with new mandates and legislation, especially as tactics and adversaries continue to evolve.

The road ahead

The new global initiative against ransomware is certainly a step in the right direction, but it’s not a standalone solution. Organizations must take accountability for their own cyber resilience – and if they’re not securing their enterprises now, they’re going to be hit twofold when ransomware attacks inevitably succeed: first by the attackers themselves, and then by their customers and/or the federal government.

While initiatives like this aim to strengthen the global economy, they will only be as effective as their enforcement. It will be up to legislators to ensure that this ban, if it goes through, has real teeth.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
