As the US and our allies ramp up sanctions against Russia over that nation’s invasion of Ukraine, companies facing ransomware attacks think their ability to resolve the attacks is being complexified. Ed McNicholas, Co-Leader of Ropes & Gray LLP’s Data, Privacy & Cybersecurity Practice, has articulated the whine, as cited by the WSJ:
[E]nsuring that ransomware payments aren’t going to sanctioned Russian entities has gotten “much harder” recently.
“The overlap of the rise of ransomware and then these pervasive sanctions against Russia has created quite a firestorm in terms of the ability to pay ransoms,” he said.
No. It’s actually not that hard. These companies need to cut out the firestorm nonsense, and stop encouraging further ransomware attacks on themselves and on other businesses by paying the hackers for their crimes. It’s perfectly straightforward. Don’t make the payments at all.
Instead, do the near-term hard, but intermediate- and long-term high payoff work of taking corporate security seriously: fill the security gaps—both electronic and human—that allow the ransomware attacks to go forward, and learn how to counterattack to eliminate the attackers (not only the attacks), both through court channels and through electronic/virtual pathways.
Coveware Inc CEO Bill Siegel, as cited by the WSJ:
[C]ompanies should be proactive about beefing up their security and run tabletop exercises to try to avoid being caught off guard by an attack.
“Most companies approach this risk for the very first time when the incident happens,” he said.
That last is not just unacceptable, that’s willful negligence, and it should get the companies’ CEOs, COOs, CIOs, and their deputies fired for cause.