A new study from Talion has revealed that 78% of consumers and 79% of cyber security professionals believe ransomware payments to cybercriminals should become illegal. The study is set to support the launch of a new cyber security movement founded by Talion and backed by the Research Institute for Sociotechnical Cyber Security (RISCS) called #RansomAware, which encourages organisations to speak up about ransomware attacks.
Today, the world is seeing businesses of all sizes suffer devastating attacks from ransomware. In the last few months massive attacks on Colonial Pipeline and JBS have disrupted services and earned cyber criminals millions of pounds. These attacks have been well-publicised, and the CEOs have been openly talking about the incidents – boldly going where few have gone before. Until recently most ransomware attacks have been kept out of the spotlight with businesses opting to pay the ransom to restore services, without letting their customers know.
Ciaran Martin, Professor at Blavatnik School of Government and former CEO of the National Cyber Security Centre knows first-hand just how damaging ransomware is to UK businesses, “I welcome initiatives like this. We need to look at all the different reasons why ransomware is causing so much harm. That includes tackling the tough questions like the flows of money, including looking seriously at payment bans. But we need to provide more support for victims too, and help them protect themselves in the first place.”
Talion’s study also highlighted that 81% of security professionals believe sharing information between businesses who have been attacked is the key to building better defences against ransomware. #RansomAware reportedly supports this mindset shift and has been set up to encourage organisations to openly talk about the attacks they have suffered, so we can pool intelligence and collaborate to make defences more effective.
“We believe we need to stop cyber shaming organisations and move away from a culture of blaming individuals to a place where we can be open and transparent about how these attacks are taking place. Cybercriminals collaborate on their attacks, so we must collaborate to make our defences stronger. It is ‘us’ against ‘them’,” said Michael Brown, CEO at Talion.
As part of the campaign, Talion is forming a coalition of cyber security experts, businesses, academia, and government to promote collaboration and information sharing. The coalition is formed of 16 founding members, including Talion, BAE Systems, RISCS, 36 Commercial, Insight Enterprises, Inc., KnowBe4, UK Cyber Security Association, Comparitech, Siemplify, Eskenzi PR, IT Security Guru, Outpost24, Cydea, Devo Technology Mishcon de Reya and Decipher Cyber.
“We see examples of collaboration and intelligence sharing in other industries, the medical sector for example has a formal process whereby when a medical mistake is made, the information is shared across the community to educate others and avoid the mistake being repeated. We need to band together with peers in our industries to look at ways of taking a collective response against ransomware attacks. Imagine if every law firm, university, or utilities provider stood together and publicly stated, we will not pay ransoms. Cyber criminals will follow the money, what we need to do is cut them off at the source, said Madeline Carr, Director of RISCS & Professor of Global Politics & Cyber Security at UCL.
Additional findings from Talion’s study on consumers and cybersecurity professionals also revealed that when consumers were asked how they would want their employer to respond to a ransomware attack affecting their personal data, 37% said refuse to pay. When UK consumers were asked how the government should respond if nation-state cybercriminals launch an attack on the UK’s fuel services, 46% said try to restore systems manually but suffer a longer shortage of fuel. Worryingly, other responses to the same question revealed that 14% said, ‘respond with a nuclear or physical military attack’, a figure that grew to 43% among 18 – 24-year-olds.