As 2023 drew to a close, a report by Emsisoft made the bold recommendation to impose a flat-out ban on ransom payments in the event of cyberattacks.
Their suggestion has spawned a good deal of discussion, including a new report by incident response firm Coveware, which disagrees strongly with the recommendation. The following is just a snippet from the new report:
Humor us, what WOULD happen if the US enacted a national ban on ransom payments?
Two things would happen immediately.
1) A very large illegal market would be spawned overnight to service ransomware victims that needed to pay.
2) Much of the progress made on government / agency reporting would be reversed overnight. Victim reporting would drop dramatically and victim cooperation with law enforcement that contributes to their ongoing disruption efforts would dissipate dramatically.
Read more about their views on this issue on Coveware’s website, where they also present data indicating that ransom payments decreased significantly in Q4 of 2023. While the median ransomware payment did not change from Q3 to Q4 and remained at $200,000, the mean ransomware payment decreased 33% from Q3 to $568,705.