US Plans To Push Other Countries Not to Pay Hacker Ransoms (bloomberg.com)
The US is pushing a group of governments to publicly commit to not make ransom payments to hackers ahead of an annual meeting of more than 45 nations in Washington later this month. From a report: Anne Neuberger, deputy national security adviser, told Bloomberg News that she is "incredibly hopeful" about enlisting support for such a statement but acknowledged it's a "hard policy decision." If members can't agree to the statement in advance of the meeting, then it will be included as a discussion point, she said. [...] The aim of the statement is to change that calculus, Neuberger said. "Ransom payments are what's driving ransomware," she said. "That's the reason we think it's so needed."
Other countries? (Score:4, Informative)
We aren't even pushing our own private enterprises/corporations to do that.
Re: (Score:2)
In fact, the standard these days is to buy insurance against ransomware, pay said insurance a fee to unencrypt your files, and the insurance pays the ransom.
SOP.
The current administration is an amateur hour shit show.
Re:Other countries? (Score:4, Interesting)
Even the best IT security cannot guarantee against ransomware, since its vector is code you cannot always audit. Zero-days exist. Not all of them are in packages like Log4J that are auditable (though few people even have the resources to audit the code they can). Snapshot the data. Keep the snapshot device (your SAN / NAS) isolated. Replicate it, to something that is itself isolated from the first from a management perspective. Back that up. Never lose data. It is like life: once you lose it, it is gone. Keep snapshots around for a long while, so even if you get hit, you can recover the files. Also, use continuous data protection where applicable. We use WORM media for database log files.
When ransomware hits: Recover. Don't pay.
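The two points in this comment that decide whether "Recover. Don't pay." is actually possible are retention depth and a verified restore path. The script below is an added example (not from the thread or any poster) that models both: a snapshot retention policy, a manifest integrity check as used in a restore drill, and selection of the last known-good snapshot given the compromise time from the investigation. All snapshot data and dates are constructed.

```python
"""Restore-drill helper: prune snapshots by retention policy, verify a snapshot's
manifest, and pick the newest verified snapshot taken before the compromise.
Added example with constructed data; not code from the Slashdot thread."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib

@dataclass(frozen=True)
class Snapshot:
    taken: datetime   # time the read-only snapshot was created
    files: dict       # path -> bytes as captured (constructed sample data)
    manifest: dict    # path -> sha256 hex recorded when the snapshot was made

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_snapshot(taken: datetime, files: dict) -> Snapshot:
    return Snapshot(taken, dict(files), {p: sha256(b) for p, b in files.items()})

def verify(snap: Snapshot) -> bool:
    """Restore-drill integrity check: every captured file still matches its recorded hash."""
    return (snap.files.keys() == snap.manifest.keys()
            and all(sha256(b) == snap.manifest[p] for p, b in snap.files.items()))

def prune(snaps: list, now: datetime, daily_days: int = 7, weekly_weeks: int = 4) -> list:
    """Retention: keep every snapshot from the last `daily_days` days, plus the newest
    snapshot of each ISO week for the `weekly_weeks` weeks before that window."""
    keep, newest_per_week = [], {}
    for s in sorted(snaps, key=lambda s: s.taken, reverse=True):   # newest first
        age = now - s.taken
        if age <= timedelta(days=daily_days):
            keep.append(s)
        elif age <= timedelta(days=daily_days + 7 * weekly_weeks):
            newest_per_week.setdefault(s.taken.isocalendar()[:2], s)  # first seen = newest
    return keep + list(newest_per_week.values())

def last_known_good(snaps: list, compromise_time: datetime):
    """Newest snapshot taken before the compromise whose manifest still verifies.
    Snapshots taken after the hit verify fine too (they faithfully captured the
    encrypted files), so the compromise time from the investigation is required."""
    clean = [s for s in snaps if s.taken < compromise_time and verify(s)]
    return max(clean, key=lambda s: s.taken, default=None)

# Constructed scenario: daily snapshots for 60 days, attacker dwell of 12 days
# before the encryption is noticed; retention is evaluated at day 60.
T0 = datetime(2023, 9, 1)
SNAPS = [make_snapshot(T0 + timedelta(days=d), {"db/log.001": b"txn %d" % d}) for d in range(60)]
NOW = T0 + timedelta(days=60)
COMPROMISE = NOW - timedelta(days=12)
```

With the default 7-daily/4-weekly policy a pre-compromise snapshot survives (the week-41 one); with only three days of retention and no weekly tier, `last_known_good` returns `None` and the only remaining option is the ransom, which is exactly the situation long retention is meant to avoid.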
Re: (Score:2)
There is no substitute for proper backups. Which cost a hell of a lot less than ransomware insurance.
Re: (Score:2)
Re: (Score:2)
Even with proper backups, you can lose a lot of productivity with a ransomware attack.
Yes, but not as much as you'll lose waiting for the insurance company to pay the ransom.
Re: (Score:2)
Indeed. And tested recovery procedures. Which you need in a decently run enterprise anyways.
Re: Other countries? (Score:2)
Re: (Score:2)
From the article: "The statement is expected to apply to governments rather than companies that regularly fall victim to ransomware attacks."
"The current administration" doesn't write laws, and can't force US companies to get their head out of their asses. But it can direct government agencies to refuse ransoms.
And the administration can do this, which seems pretty sensible:
"The Biden administration established an annual international summit to address ransomware in 2021, a gathering of cybersecurity leader
Re: (Score:2)
We aren't even pushing our own private enterprises/corporations to do that.
Our government works for those enterprises/corporations. Why would they enforce rules on their owners?
Re: (Score:2)
What makes you think we aren't pushing private enterprise to refuse to pay ransoms?
Re: (Score:2)
What makes you think the Biden administration is?
Re: (Score:2)
"What makes you think the Biden administration is?"
That's the logical fallacy of 'shifting the burden of proof'.
https://www.logicalfallacies.o... [logicalfallacies.org]
Re: (Score:2)
"Pushing" means nothing to a corporation. Something is either illegal or it is not, and that is all they care about.
WTF? (Score:2)
Re: (Score:1)
Send them a cruise missile and a sympathy card.
Re: (Score:2)
Send them a cruise missile and a sympathy card.
With a promise to deliver it in 30 minutes or less ... or your next one is FREE !
Re: (Score:2)
Well, there is just one slight detail problem: identifying and localizing these people. But the usual cavemen (you) do not actually understand that the size of the stick does not matter if you do not know who to beat up.
Ban the means of payment (Score:1)
Re: (Score:2)
"I sure would love to miss the American Democratic Party as much as they fucking miss FTX."
I would miss someone who gave me money too, but that doesn't mean I commit crimes.
On the other hand, I'd love to see Elon Musk and his crypto manipulations gone. "I'd sign the ban now".
Re:Ban the means of payment (Score:4)
This ransomware is ultimately driven by the same root cause as a lot of nasty stuff like human trafficking, drugs, terrorism and on and on...
That is, anonymous cross-border transactions, be they with non-traditional financial tools like crypto coins, art and antiquities trades where the asset does not actually move, and other stuff like certain forms of money grams etc. that more or less skirt KYC requirements.
There are ways to fix this - obvious ways - but the people in power and, if we're really honest about it, a majority of the public do not want it fixed for one selfish reason or another.
Re: (Score:2)
Indeed. It is high time to do that. Or even better, regulate them like regular bank accounts. That will put an end to this crap really fast.
Pot meet kettle! (Score:1)
Ransomware (Score:4, Interesting)
Make it illegal to pay ransomware and set the fine at 3x any ransom paid. If companies want to pay, it will really cost them. Basically treble damages to the government for paying the ransom.
Re: (Score:2)
Sounds like a free market solution!
Re: (Score:2)
That only works if the companies get caught at least 33% of the time. The fines have to be huge to be a deterrent.
Why not have a tax on ransoms? (Score:2)
Re: (Score:2)
Not enough. Jail those that decided to pay for 1 year and make them repay the ransom money from their personal fortune.
Re: (Score:2)
If a billion-dollar firm pays 50 million and pays another 150M for the fine, it's still not much of a cost if the revenue is in the billions every quarter.
But if the fine was say, 25% of the company's yearly worldwide revenue (regardless of amount), that may be a hit that the company may not want to take.
Re: (Score:2)
What is needed is a large number of ransomware attacks where the attackers do nothing after the ransom is paid. If there was a reasonable chance that the ransom won't work then it will greatly reduce the incentive to pay it. These people would actually be doing a service.
Comment removed (Score:4, Insightful)
Re: (Score:2)
Naa, the US is not capable of doing that. Considering the sheer magnitude of "unfixed" and "getting worse" domestic US issues, I kind of understand that.
This makes absolutely no sense. (Score:1)
The US government can immediately stop domestic ransomware payouts but instead they're running around issuing toothless statements about what other folks should be doing.