cyberscoop.com Open in urlscan Pro
3.162.3.111  Public Scan

Form analysis
1 forms found in the DOM

GET https://cyberscoop.com/

<form role="search" id="searchform" class="site-search" method="get" action="https://cyberscoop.com/">
  <meta itemprop="target" content="https://cyberscoop.com/?s={s}">
  <label class="screen-reader-text" for="search-field"> Search for: </label>
  <input class="site-search__input js-site-search-input" itemprop="query-input" type="text" id="search-field" value="" placeholder="Search news, people, podcasts, videos" name="s">
  <button class="site-search__button">
    <svg class="icon icon--search" width="19" height="19" fill="none" viewBox="0 0 19 19" xmlns="http://www.w3.org/2000/svg">
      <path
        d="M7.9.7a6.805 6.805 0 0 0-6.8 6.8c0 3.752 3.048 6.8 6.8 6.8a6.757 6.757 0 0 0 3.975-1.288l5.262 5.25 1.125-1.125-5.2-5.212A6.77 6.77 0 0 0 14.7 7.5c0-3.752-3.048-6.8-6.8-6.8Zm0 .8c3.319 0 6 2.681 6 6s-2.681 6-6 6-6-2.681-6-6 2.681-6 6-6Z"
        fill="currentColor" stroke="currentColor"></path>
    </svg>
    <span class="visually-hidden">Search</span>
  </button>
</form>

Text Content

Skip to main content
Advertisement

 * CyberScoop
 * AIScoop
 * FedScoop
 * DefenseScoop
 * StateScoop
 * EdScoop

Advertise Search Close
Search for: Search

Open navigation
 * Topics
   Back
    * AI
    * Cybercrime
    * Commentary
    * Financial
    * Government
    * Policy
    * Privacy
    * Technology
    * Threats
    * Research
    * Workforce

 * Special Reports
 * Events
 * Podcasts
 * Videos
 * Insights
 * Subscribe to Newsletters
 * Advertise

Switch Site
 * CyberScoop
 * AIScoop
 * FedScoop
 * DefenseScoop
 * StateScoop
 * EdScoop

Subscribe
Advertisement


Voting is open for the 2024 CyberScoop 50 awards! 

Click here!
Close
 * Cybercrime


WHAT MORE CAN BE DONE TO STOP RANSOMWARE ATTACKS? 

A panel of experts debated at the 2024 mWISE conference what more could be done
in the wake of police action and tens of millions in ransom payments over the
past year. 

By Greg Otto

September 19, 2024

(Getty Images)

DENVER — “Drone strikes.” 

The comment, made somewhat in jest by Allan Liska, an intelligence analyst at
Recorded Future, was in response to a question about what could be done to
further deter ransomware actors from carrying out their attacks. 

“We only need to hit one ransomware dude with a drone, and then a whole bunch of
them will retire very quickly once they know that’s on the table,” Liska said
during an expert panel Wednesday at the Mandiant Worldwide Information Security
Exchange (mWISE). 

While the comment may have been tongue-in-cheek, there was an undercurrent of
exasperation when Liska and other experts were asked how to further thwart
ransomware attacks, especially as it has been made public that several companies
have made eight-figure ransom payments in 2024. 

Advertisement


“The rewards of ransomware are so great” for attackers, said Brett Callow, a
managing director at FTI Consulting. “We really need a very powerful deterrent
or we need very effective mechanisms to reduce the amount of money that’s
flowing into the ransomware ecosystem. Until we do one of those two things, or a
combination of both, we’re not really going to get to grips with this problem.”

The experts commended the amount of takedowns in 2024 — 14 as of this article’s
publication — calling it a step in the right direction. But they also know
cybercriminals adapt to these actions, being able to re-tool and quickly resume
operations. 

Kimberly Goody, head of Mandiant’s Cyber Crime Analysis team, pointed to the
Trickbot takedown as an example of how attackers showed some resilience. 

“I would say the timing of that Trickbot disruption maybe didn’t have the impact
in reducing ransomware in the way we would like, because once [those
responsible] had taken action against Trickbot, those actors shifted to these
other tools that organizations didn’t actually have adequate defenses against,”
she said. “So we kind of saw a skyrocket of victims there, because we didn’t set
those organizations up for success with being able to detect the new tools.” 

Liska contrasted that takedown with Operation Endgame, a multinational effort
that disrupted more than 100 servers and 2,000 domains that were used to
facilitate a range of cybercrime. 

Advertisement


Operation Endgame “was better timed, better coordinated, and I think it was much
more impactful,” he said. “I think not only are we seeing more takedowns, but
we’re seeing law enforcement learn lessons from earlier problems to [carry out
takedowns] more effectively.”


IS BANNING RANSOM PAYMENTS REASONABLE? 

Over the course of the year, both Callow and Liska have called for an outright
ban on ransom payments as a way to deter attacks. But both backed off those
thoughts Wednesday when they viewed it through the lens of the current attack
landscape. 

“I used to be a proponent of a ban, but I think the time to do that would have
been [when] ransomware was nowhere near as impactful as it is” now, Callow said.
“I just don’t see us being able to tell a hospital that it can’t pay a ransom
when it has no means of recovering its systems. The impact on patients would be
politically untenable.” 

Liska called a ban “a bad idea, but the least bad one,” while also endorsing the
UK’s plan to require ransomware victims to contact the government, then grant
them clearance to make extortion payments.

Advertisement


“If you have to pay a ransom, at least [the government knows] how much ransom is
being paid, and they know what wallets are being paid to, and they can start
tracking that information better,” he said. 


INSURERS’ ROLE IN DETERRENCE

In the past few years, cyber insurers have strengthened organizations’ defenses
by limiting or avoiding ransom payments and advising on best practices,
particularly regarding backups. Goody noted that these efforts reduce attackers’
financial gains from incidents.

“We are seeing those [insurance] companies push organizations to try to restore
as many systems as they can as quickly as possible, while the negotiator is kind
of stalling,” she said. “That’s important from the perspective of if an
organization was hit with ransomware, and the attacker demanded $2 million for
the restoration of all their systems, if that [victim] organization is able to
actively discover that actually only 10% can’t be restored from backups, they
can use that to give them an upper hand in the negotiation, which ultimately
helps the cyber insurer, because they might not have to pay out as much.”

Liska noted that insurers are increasingly stringent about companies’ security
practices before issuing policies.

Advertisement


“I know that a lot of organizations now before they get their [policy] renewal,
they have to go through a much more intensive testing process, not just fill out
a checkbox,” he said. “They actually have people coming in and doing pentesting.
That allows some of these insurance companies to pick better customers, or have
better customers that are not going to be hit as often.” 


VISIBILITY ABOVE ALL 

Even with the enhanced efforts from both government and the private sector,
Callow said there are still way too many attacks that happen out of the public
eye to further deter ransomware attacks. 

“It is really, really hard to measure the effect of these actions, because we
don’t know how many ransomware attacks there are,” he said. “We don’t know the
impact of those attacks. We have very, very limited visibility for law
enforcement to truly be able to assess the impacts of their actions. And for
policymakers, we need to have much better reporting of incidents so that we know
how many there are, so that we can see and measure the impact.”



WRITTEN BY GREG OTTO

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for
the website. Greg has led cybersecurity coverage that has won various awards,
including accolades from the Society of Professional Journalists and the
American Society of Business Publication Editors. Prior to joining Scoop News
Group, Greg worked for the Washington Business Journal, U.S. News & World Report
and WTOP Radio. He has a degree in broadcast journalism from Temple University.

IN THIS STORY

 * Allan Liska
 * Brett Callow
 * Kimberly Goody
 * Mandiant
 * ransomware

Share
 * Facebook
 * LinkedIn
 * Twitter
 * Copy Link

Advertisement

Advertisement



MORE LIKE THIS


 1. NEWMARK INITIATIVE WILL BRING ONLINE A NETWORK OF CIVIL DEFENSE HACKERS
    
    By Christian Vasquez


 2. AT&T AGREES TO $13 MILLION FINE FOR THIRD-PARTY CLOUD BREACH
    
    By Derek B. Johnson


 3. DETERRENCE IN CYBERSPACE IS POSSIBLE — AND ‘URGENT’ — AMID ‘ALARMING’ HYBRID
    ATTACKS, STATE CYBER AMBASSADOR SAYS
    
    By Tim Starks

Advertisement



TOP STORIES


 1. FTC DETAILS HOW STREAMING SERVICES, SOCIAL MEDIA HAVE BECOME ‘MASS
    SURVEILLANCE’ MACHINES 
    
    By Derek B. Johnson


 2. UNITEDHEALTH GROUP CISO: WE HAD TO ‘START OVER’ AFTER CHANGE HEALTHCARE
    ATTACK
    
    By Greg Otto


 3. KREBS: IRANIAN OUTREACH TO BIDEN CAMPAIGN WAS ‘LATE BREAKING’ NEWS TO U.S.
    GOV
    
    By AJ Vicens

Advertisement



MORE SCOOPS

U.S. President Joe Biden speaks from the Oval Office of the White House on July
24. (Photo by Evan Vucci-Pool/Getty Images)


BIDEN’S CYBERSECURITY LEGACY: ‘A BIG SHIFT’ TO PRIVATE SECTOR RESPONSIBILITY

Over the course of his term, Joe Biden has presided over an ambitious agenda on
regulation and more, to both praise and criticism.
By Tim Starks
Blue pipes going to an oil refinery. (Getty Images)


RANSOMWARE ATTACKS ARE HITTING ENERGY, OIL AND GAS SECTORS ESPECIALLY HARD,
REPORT FINDS

By Christian Vasquez
Car dealership office. (Fahroni, iStock/Getty Images Plus)


CDK HACK SHOWS SEC DISCLOSURE STANDARDS ARE UNSETTLED

By Tim Starks


US CAR DEALERS ARE FEELING THE PAIN OF CDK CYBERATTACK

By AJ Vicens


DATA STOLEN IN CHANGE HEALTHCARE ATTACK LIKELY INCLUDED U.S. SERVICE MEMBERS,
EXECUTIVE SAYS

By Matt Bracken


CISA RANSOMWARE WARNING PROGRAM HAS SENT OUT MORE THAN 2,000 ALERTS

By Christian Vasquez


CONGRESS RAILS AGAINST UNITEDHEALTH GROUP AFTER RANSOMWARE ATTACK

By Christian Vasquez


LATEST PODCASTS

HOW ORGANIZATIONS ARE HANDLING AI SECURITY

WE’RE BACK! RUNSAFE CEO JOE SAUNDERS ON SECURE-BY-DESIGN IN IOT DEVICES

TED SCHLEIN ON THE CYBERSECURITY INDUSTRY AND THE LATEST TWIST IN THE TRUMP-IRAN
HACKING SAGA

HACK-AND-LEAK OP TARGETS TRUMP; A TECHNICAL DEEP DIVE WITH JOHN HAMMOND ON THE
CROWDSTRIKE OUTAGE


GOVERNMENT

 * House Dem urges FCC to press ahead with disclosure rule around AI in
   political ads
 * Treasury hits Predator spyware makers with more sanctions
 * CISA warns of hackers exploiting bug for end-of-life Ivanti product
 * Election officials say U.S. Postal Service woes place election mail at risk


TECHNOLOGY

 * WATCH: NSA releases lecture from computer science pioneer Rear Adm. Grace
   Hopper
 * Check Point acquires threat intel company Cyberint
 * Former Verizon employee pleads guilty to conspiring to aid Chinese spy agency
 * Google to wind down app store bug bounty 


THREATS

 * European, Latin American authorities arrest 17 in crackdown on phishing
   network with 483,000 victims
 * U.S. agencies say Iranian hackers tried to pass ‘non-public’ Trump campaign
   docs to Biden’s campaign
 * FBI joint operation takes down massive Chinese botnet, Wray says
 * Ransomware group releases screenshots in attempted extortion of Port of
   Seattle


GEOPOLITICS

 * US accuses RT, others of covert arms dealing, global influence operations
 * U.S. charges five Russian military members for destructive cyber ops,
   hack-and-leak campaigns
 * Predator spyware resurfaces with signs of activity, Recorded Future says
 * Google: apparent Russian hackers play copycat to commercial spyware vendors

Advertisement

About Us
 * FedScoop
 * DefenseScoop
 * StateScoop
 * EdScoop
 * CyberScoop
 * AIScoop

 * Newsletters
 * Advertise with us
 * Ad specs
 * (202) 887-8001
 * hello@cyberscoop.com

 * FB
 * TW
 * LinkedIn
 * IG
 * YT

Close Ad

Continue to CyberScoop