40% of cybersecurity professionals think paying ransomware demands should be illegal

Practice of giving in to ransomware demands rarely yields results, industry claims

Graphic depicting ransomware

A survey of top IT security professionals has revealed that 40% believe paying out as part of a ransomware demand should be made illegal.

The majority of respondents believed that businesses should never pay an attacker to decrypt their data, although more than 40% said they would either consider it or absolutely pay it as it's the easiest method of remediation.

The study from AT&T Cybersecurity shed light on the perceptions businesses have of ransomware and their current level of preparedness against the threat that's still one of the most prolific out there.

While most businesses (69%) were confident that they had the cyber security resilience and necessary backups in place to prevent a ransomware attack from crippling operations, 30% of leaders said they weren't sure.

"It's clear from this research that organisations are still struggling when it comes to ransomware. Many do not know the best practices when it comes to ransomware, or worse, do not feel confident to handle attacks efficiently," said Rick Langston, lead product manager from AT&T Cybersecurity.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Companies not only have to mitigate ransomware by having a solid security programme that uses protection tools to close down all possible attack vectors, but also have back-ups that are separate from the network in case the worst happens," he added.

Regardless of how prolific ransomware has become in the past few years - UK businesses saw a 195% increase in ransomware attacks this year - it's still eclipsed by other threats in terms of what's worrying security professionals.

Of the five most troubling threats faced by businesses, ransomware was at the bottom of the list. Nation-state attackers, insider threats, phishing and DDoS attacks were all more troubling to security professionals than the attack vector plaguing UK businesses.

It's not just the UK that's seen a proliferation of ransomware in the past year; myriad US towns and cities have succumbed to ransomware attacks in recent months - most of which seem to be small towns and government departments.

Most recently, 22 Texan towns and their government departments were hit by a coordinated ransomware attack, with one mayor confirming that the attacker used 'island hopping' to bring down his city's IT systems.

Advertisement - Article continues below

Two Floridan towns also made headlines after they were infected in the same week. Together they paid over $1 million in ransom demands to clear their IT systems of the infection - a practice which is highly disadvised in the industry.

Although paying a ransom can be the fastest way to regain control of systems, it can invite further attacks as it signals the victim is willing to pay.

There's also no guarantee that the attacker will rid the victim of the infection even after paying up either. During the NotPetya ransomware attacks in early 2018, researchers discovered that not only were the attacker's digital wallets misconfigured, but their email account had been shutdown, meaning that it was unlikely that any payments would reach their destination.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019