This is a free excerpt from one of Shortform’s Articles. We give you all the important information you need to know about current events and more.
Don't miss out on the whole story. Sign up for a free trial here .
What are the major ransomware risks? Why does ransomware threaten industries and citizens alike? What is the solution?
Regulators have limited tools to counter the threat of ransomware. They can’t outlaw ransom payments or the problem will move underground, and they can’t force cryptocurrencies, which underpin many ransoms, to reveal their owners.
Learn why ransomware risks threaten not only private industries, but society as a whole.
Ransomware Risks to Society
The energy sector is not the only industry facing a growing threat from ransomware risks. Ransomware groups don’t limit their attacks to the private sector, either—they’ve targeted school districts, hospitals, municipalities, and police forces.
The groups often study their victims’ financials in advance so they can set the highest ransom an organization can feasibly afford, and as a result, the average ransom has doubled in the past year. They’re also finding new revenue streams—though they typically work by encrypting an organization’s systems and offering a decryption key in return for payment, they’ve begun threatening to release a company’s data to the public if it doesn’t pay up. This way, even if a company has a backup of its files and doesn’t need the decryption key, the ransomware group can still force a payment.
Companies often choose to pay the ransom either because they don’t have a backup or because it’s cheaper than recovering their data on their own (which might entail closing for business until the recovery is complete).
And sometimes refusing to pay ransom could cost lives—shutdowns of hospitals or municipal services threaten more than just financial loss, and executives are unlikely to delay paying what’s demanded.
Regulators Eye Cryptocurrencies
Lawmakers seeking to control the risks of ransomware are looking at cryptocurrencies, which increasingly underpin ransom demands because of their untraceable anonymity. In 2020, almost $350 million was paid to ransomware groups using cryptocurrency, four times the level in 2019.
Regulators in both the US and Europe are thus exploring how to eliminate anonymity. Possible plans include requiring banks and exchanges that deal in Bitcoin to uncover identities, or requiring crypto networks to collect information on users’ activities. However, crypto companies like Coinbase and Wall Street firms who’ve entered the cryptosphere object on the grounds that such regulation would amount to warrantless surveillance.
No Easy Answers
If all companies collectively stopped paying ransoms, ransomware groups would stop attacking—they only do it because it’s profitable. However, it’s not possible to coordinate such a boycott when a company under attack must do what it can to survive, which often means paying up (and insurance companies covering such incidents make that possible).
In avoiding the risks of ransomware, lawmakers also cannot forbid payments, or companies will simply make them quietly and push the problem underground. For now, the best solution remains prevention, but until systems are completely secure—if ever—ransomware payments will likely remain part of many businesses’ operations.
Want to fast-track your learning? With Shortform, you’ll gain insights you won't find anywhere else .
Here's what you’ll get when you sign up for Shortform :
- Complicated ideas explained in simple and concise ways
- Smart analysis that connects what you’re reading to other key concepts
- Writing with zero fluff because we know how important your time is