Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers. In particular, experts point out that paying the ransom financially strengthens criminal gangs and encourages them to carry out further attacks.
A former senior British cyber-security official reported that insurance companies often fund organized crime by paying ransoms to cybercriminals to help affected companies regain access to data and systems after a hacking attack.
Ciaran Martin, former director of the United Kingdom's National Cyber Security Centre, expressed concern that ransomware "is too close to spiraling out of control", noting that there is a risk that National Health Systems around the world could be affected during the ongoing COVID-19 pandemic. Insurance companies that pay the ransom on behalf of victim companies thus further intensify the malicious attacks. According to Martin, the problem is that there is no law that prevents companies from paying ransom to hacking gangs. The former intelligence chief also stressed that a change in the law on insurance and a ban on such payments should be considered.
It is worth noting that the UK laws on extortion prohibit ransom payments to terrorists and were largely drawn up in response to the kidnapping threat. However, cyberattacks are not carried out by terrorist groups, and therefore there is no obstacle to the ransom being paid by both the victim companies themselves and the insurance companies.
Hacking gangs tend to be based in Russia and in the former Soviet states outside the Baltic region, Martin said, with the Kremlin and other regional governments turning a blind eye to their activities.
Some gangs claim to have made large sums of money from their cyber activities. For instance, the gangs of Wizard Spider and Ryuk are estimated to have earned more than $150 million by carrying out online blackmail, according to a study of Bitcoin transactions.
During ransomware attacks, hackers break into corporate systems and take control of their data. They then demand ransom from the victims - which can total up to $10 million a year - to give back access to the systems.
For example, Travelex - a UK-based foreign exchange service provider - paid $2.3 million last year to regain control after hackers hit its networks. In addition, the smartwatch manufacturer Garmin is also said to have paid for the recovery of files after a cyber attack last summer.
Cybercriminals say they will not target hospitals or health centers, as they believe such an attack would have wider diplomatic implications. However, according to Martin, IT systems are not easily recognized on the Internet, so an attack with wider implications remains possible.
In 2017, the National Health Systems were among those severely disrupted by the WannaCry attack, behind which was North Korea. The disruption caused to hospital systems demonstrates how severely the global health sector could be affected.
German police launched an investigation in September after a woman died during a cyber attack on a hospital in Düsseldorf. Doctors tried to transport the patient to another facility, 30 kilometers away.
Other recent ransomware attacks include one against EuroFins, a Belgian forensic company, which suspended police investigations in England and Wales and elsewhere for several months, although this was not widely reported at the time. The company reportedly paid a ransom.
Gangs often spy on their targets and tailor their demands to the size of the target - there are even examples of small businesses facing a ransom demand of 1,500.
Companies that have effective backups and can recover from a hacking attack are also under pressure to pay because gangs are threatening to leak stolen data to the internet.
Martin said it was difficult to track the level of ransomware activity because many attacks go unnoticed unless personal data is compromised. However, he added that he regretted not being able to change the law during his tenure in government. He also stated the following: "In the last year, experts say we are close to losing control. The law is not wrong for anyone, it was written for another purpose, however it paves the way for the payment of ransoms to cybercriminals."