Phish of the Week: Should we ban ransomware payments?

We’ve experienced a surge in ransomware, and we are getting attacked on all fronts: our oil, our burgers, our hotdogs, our ferries, and our cities. One possible reason for this surge in attacks is cyber insurance policies.

Like any of us in our own businesses, attackers also have goals and motives, and one of their biggest goals is commercial gain. The rise in ransomware payments by organizations is creating a direct line of sight to that commercial gain for threat actors. These payments are often underwritten by cyber insurance policies, and an increase in security risk insurance may actually contribute to the overall problem.

Many critics argue that by paying the ransom requested, we are, in effect, encouraging and actively contributing to these attacks. The more we pay, the more these attacks happen, the higher the premium, the more the payments, and the cycle continues.

The federal government is considering a phased proposal to ban ransomware payments in an effort to disincentivize threat actors. While such a ban would help in many ways, the implications are significant if it does go into effect. 

 
We’re curious to hear from you. What do you think?

Should ransomware payments be banned? Or should organizations pay ransomware demands in an effort to maintain business continuity?

Share your thoughts with us in a short poll here.

“If you are not taking steps – today, right now – to understand how you can make your company more resilient, what is your plan?” Monaco said in a nine-minute interview addressed to the nation’s business leaders. 

Deputy Attorney General Lisa Monaco tells CEOs to prepare for ransomware attacks. Want to learn more about how to prevent advanced ransomware attacks?

Check out our infographic guide to get quick tips.

This detailed infographic highlights:

  • The business impact of ransomware — the fastest-growing type of cybercrime
  • Six ransomware trends for 2021 — including threat actors hiring in open marketplaces and the rise of third-party brokers to negotiate ransoms
  • Best practices for addressing ransomware — before, during and after an attack
  • A security checklist — four key areas to look for in a solution that protects against ransomware attacks

 

Remote work leads employees and employers to be more susceptible to cyberattacks, phishing emails, and ransomware campaigns.

“As the lines between work and home have blurred, security risks have soared, and everyday actions such as opening an attachment can have serious consequences. Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with clouded vision,” states Joanna Burkey, Chief Information Security Officer (CISO), HP Inc.

As we move toward a hybrid work environment, human awareness is no longer (or actually, has never been) enough. What we need is the correct type of security program to fill any security gap.

Close the phishing gap, enhance signals, and improve incident response times, all with Area 1’s Autonomous Phish SOC. View the solution brief here.

Watch the highly awaited webinar Ransomware Threat Briefing: SolarWinds, Colonial Pipeline and More with Area 1 Security co-founder Oren Falkowitz to learn: 

  • In-depth analysis of the latest attacks on SolarWinds, the Colonial Pipeline, and more 
  • The role phishing plays in ransomware attacks
  • How Area 1 discovers, detects, and prevents attacks early in the cycle before they become large-scale campaigns 
  • How Area 1 gives you a critical time advantage – approximately 24 days ahead of industry benchmarks – to stop these attacks

Shalabh Mohan

VP, Product at Area 1

With a career spanning 20 years fighting bad guys online, Shalabh leads all product and go-to-market functions at Area 1 Security, with extensive prior experience across security, enterprise, and cloud infrastructure companies such as Aspen Networks, IronPort Systems, Cisco and Bracket Computing. Shalabh and his teams have taken products from conception all the way to large scale businesses; and in the process have consistently helped make the Internet a safer place. An alumnus of Stanford University and the University of Texas at Austin, Shalabh holds five patents and can claim to know something about enterprise infrastructure and security.
