Recent Attacks Lead to Renewed Calls for Banning Ransom Payments



Major ransomware attacks that have disrupted businesses and caused supply chain ripples in the US economy have led to renewed calls for making it illegal to pay a ransom to cybercriminals.

In June, a month after oil and gas transport network Colonial Pipeline and meat producer JBS USA paid massive ransoms of $4.4 million and $11 million, respectively, to recover from attacks, FBI Director Christopher Wray told public companies that they should not pay cybercriminals for the digital keys to decrypt their data. “In general, we would discourage paying the ransom because it encourages more of these attacks, and frankly, there is no guarantee whatsoever that you are going to get your data back,” Wray said during a US Senate Committee on Appropriations hearing on June 23.

Some security experts are urging the government to go further and, despite the difficulties in enforcing such a law, make it illegal to pay ransoms to ransomware groups. Mike Hamilton, founder and chief information security officer at Critical Insight, a cybersecurity service provider, says that recent events have hardened his opinion and increased his support for such an option.

“I think that without public policy to (a) create a financial backstop as a reinsurer and (b) prohibit extortion payments for ransomware, we will continue to have our behinds handed to us,” he says. “We have to create a situation where the gangs cannot monetize victims in the United States. They are a business, and we have to let them know that we’re no longer their ideal victim profile.”

The idea is not new. In 2019, following ransomware attacks on town administration and local services in Texas, the US Conference of Mayors — which represents the top elected officials of every US town of more than 30,000 citizens — pledged to not pay ransoms to cybercriminals. In early 2020, the US Treasury Department weighed in, underscoring that companies that pay ransomware to sanctioned groups or organizations are violating the law.

And some security firms have pointed out that companies that pay ransoms are funding the next round of attacks.

 
