Should we ban ransomware payments?

The United States has a firm no-negotiation policy with terrorists. Should we do the same with cybersecurity threat agents?

Ransomware attacks are one of the fastest-growing types of cybercrime in the modern world. 

What is ransomware?

Ransomware is a type of malware that blocks access to your data or system. The hacker holds your information hostage until you pay a ‘ransom.’ 

And these kinds of attacks have disastrous impacts on our businesses, society, and world. Research estimates the total global ransomware damage costs at $20 billion in 2021 alone, and we’re not even through the summer! The damage is far from over. In fact, it’s going to get worse.

Why are ransomware attacks increasing?

One fascinating reason for the surge in recent attacks is cyber risk insurance policies. Under the current cyber risk policy, insurance protects you in case of an attack, which can include data breach, malware infection, cyber extortion, business email compromise, and of course, ransomware.

However, cybersecurity risk insurance may contribute to the overall problem. Critics argue that by paying the astronomical ransoms requested, we are, in effect, encouraging and actively contributing to the ransom attacks. The more we pay, the more attacks happen, the higher the premiums, and the larger the payments. In effect, paying ransoms does not protect you; it is a gift to the hackers.

Should we ban ransomware payments?

Much like how the United States government has a zero-tolerance, zero-negotiation policy for terrorism and hostage payments, we should also implement a similar ban on ransomware payments to threat actors.

If we do not have a protocol, we inadvertently encourage bad actors to launch ransomware attacks. This leads to an even more challenging environment for organizations to make independent decisions.

Standardizing a policy allows all parties, private and public entities alike, to respond in a coordinated way when cyber-hostage situations occur. In addition, a standard policy will reduce the incentive of threat actors to attack organizations in the future. For example, if hackers no longer benefit from ransomware attacks on U.S. corporations, what is the point of launching costly but essentially useless attacks?

What about cybersecurity insurance?

Cybersecurity risk insurance may cause more harm than good. 

First, when a corporation pays out ransomware demands, it encourages future attacks. A study found that 68% of victims were attacked a second time within one year. 

Second, paying ransoms increases premiums and overall payments.

Lastly, having only an insurance policy but no actual cloud-native email security system lulls the company into a false sense of security. If we believe that we are protected, there is less incentive to invest in protection that blocks all phishing attacks.

For every dollar invested into insurance rather than essential security products, the bad actors greatly benefit.

How Area 1 Security preempts ransomware attacks

With ransomware’s increased targeting and sophistication, an organization’s best chance of surviving a ransomware attack is to prevent it from reaching the organization in the first place.

In fact, analyst firm Gartner notes that the ransomware recovery cost can be nearly ten times the ransom demand once costs for downtime, recovery, increased cybersecurity insurance premiums, and credit monitoring for affected customers are taken into account.

Particularly with email phishing as the delivery mechanism of choice for ransomware groups, organizations need to focus on email security as a top means of preventing ransomware stage loaders from landing in inboxes. 

Area 1 Security’s cloud-native platform, Area 1 Horizon™, offers comprehensive email security against ransomware and other advanced attacks. Through our massive-scale web crawling and threat indexing, we can discover malicious ransomware infrastructure 24 days before industry averages. In addition, we leverage small pattern analytics to detect even the most targeted ransomware without needing to rely on large volume samples. 

Area 1 also uniquely uses deep payload scanning to detect ransomware hidden in links within attachments, nested links, or archives, even if domain fronting tactics are used. Adept at detecting first-stage loaders before ransomware is even deployed, Area 1 Security preemptively protects organizations from ransomware, business email compromise (BEC), and other advanced targeted attacks. 

Here’s just one example of a Ryuk ransomware attack (which initially passed SPF, DKIM, and DMARC email authentication standards) that the Area 1 platform preemptively stopped:

To find out more about how Area 1 Security preemptively detects and stops ransomware attacks, watch our “Proactive Protection Against Ransomware Attacks” on-demand webinar here, and download our Ransomware Solution Brief here.

Kevin Wilson

Senior Product Manager at Area 1

Kevin Wilson is a Sr. Product Manager at Area 1 Security. Throughout his 14 years in Cyber Security, Kevin has been an Analyst and Engineer in various organizations such as the U.S. Navy, First Data, and Lowe’s. Previously he served as the Global Information Security Officer at Guess? Inc as well as a Product Manager for McAfee.
