JACKSONVILLE, Fla. – According to a Jacksonville cybersecurity expert, implementing a federal ban on using taxpayer money to pay ransoms could potentially deter cyberattacks, but it may also result in unintended consequences.
Cybercriminals are primarily motivated by financial gain, often extorting large sums of money. This lucrative business model is exemplified by ransomware thieves who view it as a profitable venture.
Lock Supp, the leader of LockBit, affirmed in a podcast that “the business works and always will work.”
While 40 countries in a United States-led alliance pledged in 2023 to refrain from paying ransoms to cybercriminals, the actual implementation of this policy into law remains uncertain, with the United States opting not to impose a blanket ban on ransom payments.
Several states, including New York, Pennsylvania, and Texas, are taking matters into their own hands by introducing legislation to prevent the use of taxpayer funds to pay ransoms for ransomware attacks.
On the flip side, Tyler Chancey of Scarlett Cybersecurity cautioned that an outright ban on extortion payments could lead to cybercriminals adapting their tactics, citing a recent incident involving a business email compromise at the St. Johns County Clerk of Court.
Chancey explained how these attacks compromise email accounts, intercept payment information, and manipulate transactions, resulting in unintended financial losses that may go undetected for weeks.
While the Biden administration encourages entities not to pay ransoms, it has not officially taken a stance on banning cyberpayments, deferring to the National Security Council and FBI for guidance.