Talion study realises calls for ransomware payments to be made illegal

The study itself supports the launch of a new cyber security movement founded by Talion and backed by the Research Institute for Sociotechnical Cyber Security (RISCS). It’s called #RansomAware and encourages organisations to speak up about ransomware attacks.

Today, the world is seeing businesses of all sizes suffer devastating attacks from ransomware. In the last few months alone, massive attacks on Colonial Pipeline and JBS have disrupted services and earned cyber criminals millions of pounds. These attacks have been well-publicised.

CEOs have been openly talking about the incidents which is a bold move. Until recently, most ransomware attacks have been kept out of the spotlight with businesses opting to pay the ransom to restore services without letting their customers know of any such episodes.

Ciaran Martin, Professor at the Blavatnik School of Government and former CEO of the National Cyber Security Centre, knows first-hand just how damaging ransomware is to UK businesses, “I welcome initiatives like this. We need to look at all the different reasons why ransomware is causing so much harm. That includes tackling the tough questions such as those around flows of money and looking seriously at payment bans. We need to provide more support for victims as well and help them protect themselves in the first place.”

Building better defences

Talion’s study has also highlighted the fact that 81% of security professionals believe sharing information between businesses who’ve been attacked is the key to building better defences against ransomware.

#RansomAware supports this mindset shift and has been set up to encourage organisations to openly talk about the attacks they’ve suffered such that intelligence can be pooled and collaborations orchestrated in a bid to make defences more effective.

Michael Brown, CEO at Talion, stated: “We believe that we need to stop ‘cyber shaming’ organisations and move away from a culture of blaming individuals to a place where we can be open and transparent about how these attacks are taking place. Cyber criminals collaborate on their attacks so it follows that we must collaborate to make our defences stronger. It’s us against them.”

As part of the campaign, Talion is forming a coalition of cyber security experts plus representatives from businesses, academia and Government to promote collaboration and information sharing. The coalition is formed of 14 founding members: Talion, BAE Systems, the RISCS, 36 Commercial, Insight Enterprises, KnowBe4, the UK Cyber Security Association, Siemplify, Eskenzi PR, IT Security Guru, Outpost24, Cydea, Devo Technology and Decipher Cyber.

Collective response

Madeline Carr, director of the RISCS and Professor of Global Politics and Cyber Security at UCL, explained: “We see examples of collaboration and intelligence sharing in other industries. The medical sector, for example, has a formal process whereby, when a medical mistake is made, the information is shared across the community to educate others and avoid the mistake being repeated. We need to band together with peers in our industries to look at ways of taking a collective response against ransomware attacks. Imagine if every law firm, university or utilities provider stood together and publicly stated: ‘We will not pay ransoms’. Cyber criminals will follow the money. What we need to do is cut them off at the source.”

An additional finding from Talion’s study on consumers and cyber security professionals has revealed that, when consumers were asked how they would want their employer to respond to a ransomware attack affecting their personal data, 37% would advocate a refusal to pay.