The ransomware scourge has become much worse the last 12 months. Highly organized cybercrime gangs have iterated their attacks into a massive extortion racket.
They are focusing on easy prey, and recently dozens of local governments, school systems and non-profits have been infected, apart from very visible large companies that suffered weeks of downtime.
To avoid disruption, ransomware victims continue to pay up. Well over half decided that downtime would be more expensive than the ransom, including infected local governments.
However, taxpayers don’t want their dollars going toward ransomware attacks
A recent survey by PandaSecurity shows that 86% of Americans believe their local government should not pay the ransom on a ransomware attack. Additionally, the results showed that Americans prefer to invest tax dollars in cyber security awareness training and up-to-date software rather than using ethical hackers or insurance.
Enter two senators of New York state. They recently came up with bills to ban government agencies and local municipalities from using public money to pay cybercriminals to get their files back.
The first bill, proposed by Republican NY Senator Phil Boyle, and the second bill, proposed by Democrat NY Senator David Carlucci, are currently in committee. Several industry experts stated that this is the first time the state authorities have proposed a law that outright bans paying the ransom all together.
We had a brief look at both bills "in committee" (which means that lawmakers discuss to either release or not release the bill to the floor to be voted upon). Neither bill covers cyber insurance which adds another wrinkle to this whole mess.
A law like this could force a restructuring of cyber insurance under NY insurance regulation, and these two bills might never get out of committee because of pressure from the cyber insurance sector.
U.S. insurers are ramping up cyber-insurance rates by as much as 25%
Reuters reported that the price hikes follow a challenging year of criminal hackers using ransomware to take down systems that control everything from hospital billing to manufacturing. “Ransomware is more sophisticated and dangerous than we saw in the past,” said Adam Kujawa, director of Malwarebytes Labs.
The average ransom of $41,198 during the 2019 third quarter more than tripled from the first quarter, according to Coveware, which helps negotiate and facilitate the payments.
I strongly suggest you attend the brand new Roger Grimes webinar Jan 30, and avoid becoming the next victim.