Ransomware is again in the news—this time in terms of what state and local governments are actively doing to prevent it. At least three US states—New York, North Carolina and Pennsylvania—are considering legislation that would ban state and local government agencies from paying ransom if they’re attacked by cyber criminals.
Interestingly, a similar bill in Texas was thrown out earlier this year. The mechanics of how the ban would work in reality are confusing, and there is no doubt some political posturing in state and local governments to look tough on cyber crime.
The logic of this ban is similar to the age-old logic the US government has had when dealing with terrorist organizations that kidnap US citizens—they will simply not negotiate with them because to do so would further encourage kidnappings. If ransomers know that there will be no negotiation and payout (by law), then perhaps they will focus on easier, more lucrative targets.
However, ransoming human beings is much different than ransoming computer files and systems—not to say these files and systems don’t have an impact on human life as we saw with the Colonial Pipeline situation earlier in the year.
There is another wrinkle to applying the human hostage logic to ransomware situations: the fact that many of the cybercrooks perpetrating these schemes are on the payrolls of many ‘great-power’ governments (e.g., Russia and China). There is a risk that if you get too tough, you could provoke an act of war with a nuclear-armed nation.
There is yet another wrinkle here, and it reminds me of when I was dealing with the local pest control company when I had a mosquito issue at my home. Essentially, what good was paying to have the area inside my property line sprayed when bugs don’t care where the line is and will be happy to enter from a neighbor’s non-sprayed property any time? Thus, if those states do enact those bans (and they actually do deter some cyber criminals), they will certainly not stop at Lake Erie before threatening another state. Any state (or country) other than PA, NY and NC may feel a little like all these states did was push their pests over to them.
We at Tech Essentials have our own doubts about these bans. We are in the camp of many other cybersecurity experts who believe that the cost of rebuilding the critical systems that would be torched in the event of a ransomer making good on their threat would be equal to, if not more than, the cost of the ransom. This would impact taxpayers not just in terms of the costs but also in terms of the impacted state and local services. As we’ve mentioned in previous articles, these cybercrooks are careful to calculate the potential cost/benefit for each target and would already be factoring in the pain points of a targeted government.
Again, I want to highlight the layers of protection that we provide so as to provide peace of mind to our customers who are concerned about the growing threats of these attacks:
I can’t say enough about how we make it our mission to thwart these attackers at every turn. These hackers are extortionists and, by leveraging these tools for your organizations, you take away their ability to hold any system for ransom in the first place. I really do wonder whether the three aforementioned states, if they had RMail in place for their systems, would need to spend the valuable time and resources passing these bans.