Ransomware funds more ransomware ? how do we stop it?

You’re going to have to make some policy decisions to make these attacks end because that’s the scale of the thing.Let’s begin with the obvious, uncontested fact: the number of ransomware attacks is going up because companies are paying the ransoms.The Colonial Pipeline hack is a case in point. So right now, we actually don’t know the true extent of the ransomware problem because a lot of companies keep hacks quiet.Immediate disclosure would at least give us a better sense of what’s going on, but there would be a cost: hackers would get more leverage. Like, hackers create leverage now by making a hack’s existence public, which creates pressure on the company to get things back to normal — by paying up. “Yours was one I was looking at, at the time,” Beaumont replied.Right now, it is legal to pay ransom: it’s even tax-deductible, and the money often comes from a company’s cyber insurer. That group then carries out the hack and demands ransom, and the company pays a non-sanctioned wallet. It’s ransomware-as-a-service.Still, making all ransom payments illegal could cut down the number of companies that hand over their money. “In the long term, stopping ransom would probably halt this, but in the short term it would be very painful,” says Tom Robinson, the founder and chief scientific officer of Elliptic, a company that tracks cryptocurrency transactions.It would be painful for the same reason that companies often pay the ransom: they might go out of business otherwise. According to the Sophos survey, paying the ransom actually makes hacks more expensive because companies still have to do some pretty serious work to fix their systems and lock them down on top of paying the ransom money.