Australia's government is considering a ban on ransomware payments — do you think that could be effective? Why or why not?

Threat Intelligence & Incident Response Regulatory Compliance Security Strategy & Roadmap

4k views2 Upvotes20 Comments

Sort By:

Oldest

Associate Vice President, Information Technology & CISO in Education2 years ago

Kill the supply, kill the demand. If it's illegal to pay (not sure what the penalties would be), it'll surely make it less attractive for attackers to target any company in Australia.

On the other hand, the penalty may be worth it considering all factors.

C-Suite in Healthcare and Biotech2 years ago

This is a complicated question. Does the government have the authority to ban such things? Will banning payments create two 'criminals' instead of just one? Will the banning punish the victim...and the many peripheral victims who are impacted when a business is offline (or healthcare organization)?

These questions aside, paying the criminals does continue to bring more criminals to the feeding trough, so to speak. If you cut off the financial win, there is a good possibility it might impact those doing the attacks. However, I don't think that just Australia doing this will be enough of an impact. It would have to be an international stance.

I do suspect that we are still a long way from where cybercrime will evolve into. If the ransomware payments go away, it will just result in a change in how the cyber criminals find ways to gain from the compromise.

Director of Information Security in Energy and Utilities2 years ago

I agree that this is a complicated question. They have the authority to regulate how their government works, but I doubt that they can issue an executive order to ban ransomware payments without passing a law.

Regardless, I don't know if it is effective. It is a business decision and only the business owner knows the answer. Let's say it got banned. How do they stop international ransomware payment brokers from getting the encryption key on behalf of the business?

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

CISO in Software2 years ago

I agree that it is complicated, but I also agree that it is similar to terrorism payments. Do not pay terrorists, make it illegal to pay ransomware, it will reduce this tactic significantly.

Director, Strategic Security Initiatives in Software2 years ago

It will be - as more visibility and ownership!

Content you might like

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile Devices Security+2 more

VP of IT in Retail3 days ago

My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more

82 views1 Comment