A group of renowned security researchers warns that ransom payments for ransomware attacks should stop – and recommends setting up an aid fund.
Because of the high level of damage, the willingness of companies to pay a ransom has recently increased significantly. “However, ransomware payments are the root of all evil.” Ransomware has been a highly organized crime for years. “If victims of ransomware didn’t pay the ransom demanded, then this business model would be nipped in the bud.”
Specifically, the researchers are working to ensure that companies can no longer deduct ransom payments from their taxes. Companies above a certain size should be required to report ransomware attacks and ransom payments. Insurers should be stopped from covering ransom payments. Instead, insurance that covers the resulting loss of sales and recovery measures should be promoted. “Since insurers are increasingly demanding strong security measures from policyholders, there is an opportunity here to significantly increase IT security across the board without having to take further regulatory measures.”
If a company finds itself in financial distress as a result of ransomware attacks, it should be helped “in an appropriate manner”, for example through a relief fund, so that it is not forced to pay ransoms. “However, the support should be subject to conditions that ensure that the victims do not neglect their obligation to protect themselves.”