Phish of the Week: Should we ban ransomware payments?

We’ve experienced a surge in ransomware, and we are getting attacked on all fronts–our oil, our burgers, hotdogs, our ferries, and our cities. And one possible reason for this surge in attacks is due to cyber insurance policies.

Like any of us in our own businesses, attackers have also goals and motives. And one of their biggest goals is commercial gain. The rise in Ransomware payments by organizations is creating a direct line of sight to that commercial gain for threat actors. These payments are often underwritten by Cyber insurance policies; and an increase in security risk insurance may actually contribute to the overall problem.

Many critics argue that by paying the ransom requested, we are, in effect, encouraging and actively contributing to these attacks. The more we pay, the more these attacks happen, the higher the premium, the more the payments and the cycle continues. 

The federal government is considering a phased proposal to ban ransomware payments in an effort to disincentivize threat actors. While such a ban would help in many ways, the implications are significant if it does go into effect. 

 
We’re curious to hear from you. What do you think?

Should  ransomware payments be banned? Or should organizations payout ransomware in an effort to maintain business continuity? 

Share your thoughts with us in a short poll here.

“If you are not taking steps – today, right now – to understand how you can make your company more resilient, what is your plan?” Monaco said in a nine-minute interview addressed to the nation’s business leaders. 

Deputy Attorney General Lisa Monaco tells CEOs to prepare for ransomware attacks. Want to learn more about how to prevent advanced ransomware attacks?

Check out our infographic guide to get quick tips.

This detailed infographic highlights:

  • The business impact of ransomware — the fastest-growing type of cybercrime
  • Six ransomware trends for 2021 — including threat actors hiring in open marketplaces and the rise of third-party brokers to negotiate ransoms
  • Best practices for addressing ransomware — before, during and after an attack
  • A security checklist — four key areas to look for in a solution that protects against ransomware attacks

 

Remote work leads employees and employers to be more susceptible to cyberattacks, phishing emails, and ransomware campaigns.

“As the lines between work and home have blurred, security risks have soared, and everyday actions such as opening an attachment can have serious consequences. Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with clouded vision.” Joanna Burkey, Chief Information Security Officer (CISO), HP Inc states.

As we move toward a hybrid work environment, human awareness is no longer (or actually, has never) been enough. What we need is the correct type of security program to fill any security gap.

Close the phishing gap, enhance signals, and improve incident repose times all with Area 1’s Autonomous Phish SOC. View the solution brief here.

Watch the highly awaited webinar Ransomware Threat Briefing: SolarWinds, Colonial Pipeline and More with Area 1 Security co-founder Oren Falkowitz to learn: 

  • In-depth analysis of the latest attacks on SolarWinds, the Colonial Pipeline, and more 
  • The role phishing plays in Ransomware attacks 
  • How Area 1 discovers, detects, and prevents attacks early in the cycle before they become large-scale campaigns 
  • How Area 1 gives you a critical time advantage – approximately 24 days ahead of industry benchmarks – to stop these attacks
Shalabh

Shalabh Mohan

VP, Product at Area 1

With a career spanning 20 years fighting bad guys online, Shalabh leads all product and go-to-market functions at Area 1 Security, with extensive prior experience across security, enterprise, and cloud infrastructure companies such as Aspen Networks, IronPort Systems, Cisco and Bracket Computing. Shalabh and his teams have taken products from conception all the way to large scale businesses; and in the process have consistently helped make the Internet a safer place. An alumnus of Stanford University and the University of Texas at Austin, Shalabh holds five patents and can claim to know something about enterprise infrastructure and security.

How to replace your email gateway with Cloudflare Area 1

Leaders and practitioners responsible for email security are faced with a few truths every day. It’s likely true that their email is cloud-delivered and comes with some built-in protection that does an OK job of stopping spam and commodity malware.

Introducing email link isolation – Email gateway replacement playbook

This week was a big one for us at Cloudflare, one of our four innovation weeks which we hold annually, showcasing new developments, product news and reference architectures.

Superhero strategies for the Phish Fight

Today is National Superhero Day, and we would like to dedicate this day to you—the SOC teams and the security experts on the frontline of the phish fight.