TLDR:
- CISA director, Jen Easterly, stated that banning ransomware payments is not feasible in the U.S.
- Ransomware Task Force believes that banning payments could do more harm than good.
- Efforts such as incident reporting, law enforcement, and secure-by-design are key in fighting ransomware.
In a recent discussion at the Oxford Cyber Forum, CISA director Jen Easterly addressed the topic of banning ransomware payments, stating that it is not practical within the U.S. cybersecurity system. This comes after former U.K. security official, Ciaran Martin, called for a ban on ransomware payments earlier this year. The Ransomware Task Force also weighed in, warning that banning payments could have negative repercussions for victims, society, and the economy.
The U.S. government’s strategy against ransomware includes stricter incident reporting standards, law enforcement efforts, shared intelligence, and secure-by-design initiatives. While penalties for paying ransom are not currently part of the plan, entities like IBM strongly discourage making ransomware payments and advocate for following best practices. It is believed that a unified approach and collaboration among stakeholders are more effective in combating ransomware threats.