Viewpoint: To make data breaches cease, you have to commit to never paying ransoms

Extorting companies and governments for ransoms is not new; extremist groups have long funded their operations using ransom payments from Western governments. For ransomware attacks on American companies to cease, companies will have to commit to never paying a ransom, according to a May 20 op-ed published in The Wall Street Journal.

The piece's author, Elisabeth Braw, is a fellow at the American Enterprise Institute, where she focuses on defense against emerging national security challenges.

Six things to know:

  1. About 80 percent of all kidnappings are driven by financial motives. When a hostage is taken, most companies or governments deny paying ransoms. The United Nations Security Council adopted a resolution banning all ransoms to terrorists several years ago, but many do it quietly anyway, Ms. Braw said.

  2. Most European hostages are released, compared to about 25 percent of American hostages. A report from nonpartisan think tank New America suggests that paying ransoms could be behind the significant difference between hostage releases.

  3. In 1973, after two American diplomats had been taken hostage in Sudan, President Richard Nixon affirmed that the U.S. would not negotiate their release. "We will not pay blackmail," he said. The diplomats were later killed. Yet, paying a ransom could have encouraged more kidnappings of American diplomats, Ms. Braw wrote. The United Kingdom also refuses to pay ransoms for citizens.

  4. Hospitals could adopt a similar strategy for ransomware. If leaders publicly announce they will not pay ransoms to cybergangs, it could mitigate the chances of getting hit again and making a decision under pressure.

  5. Sean Cunningham, a former chief hostage negotiator for London's Metropolitan Police who now advises businesses on ransoms, said, "Kidnappers try to tweak the emotions of decision-makers so that they make fast and irrational decisions. Ransomware attackers use the same trick by giving the business [a] deadline: 'Pay up within 72 hours or the price doubles.'"

  6. Governments could help by changing financial rules that would tighten the regulation of cryptocurrencies. They could also help companies craft a no-blackmail position.

"If, say, all U.S. pipelines or hospitals announced they won't pay ransoms, that would benefit every pipeline and hospital — and help put an end to digital kidnappings," Ms. Braw said.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars