Security experts gathered at the Mandiant Worldwide Information Security Exchange (mWISE) conference in Denver to discuss the alarming rise of ransomware attacks and potential deterrence strategies. Among the panelists was Allan Liska, an intelligence analyst at Recorded Future, who jokingly suggested using drone strikes against ransomware actors to send a strong message.

The conversation delved into the challenges of combating ransomware, especially in light of the substantial ransom payments made by some companies in 2024. Brett Callow, a managing director at FTI Consulting, emphasized the need for powerful deterrents or mechanisms to stem the flow of money into the ransomware ecosystem, as the rewards for attackers remain alluring.

Despite the increase in law enforcement takedowns of ransomware operations in 2024, experts acknowledged the resilience of cybercriminals who quickly adapt and resume their activities. Kimberly Goody, head of Mandiant’s Cyber Crime Analysis team, highlighted the Trickbot takedown as an example of how attackers shifted to new tools after disruptions, leading to a surge in victims.

Comparing different takedown operations, Liska praised the effectiveness of Operation Endgame, a multinational effort that disrupted cybercrime infrastructure. He noted that law enforcement agencies are learning from past experiences to conduct takedowns more efficiently.

The discussion turned to the feasibility of banning ransom payments as a deterrence strategy. While both Callow and Liska previously supported a ban, they now recognize the complexities of implementing such a policy, particularly in critical sectors like healthcare. Liska endorsed the UK’s approach of mandatory reporting of ransomware attacks to enhance tracking and monitoring of payments.

The role of cyber insurance in deterring ransomware attacks was also emphasized, with insurers encouraging organizations to restore systems from backups and adopt stronger security practices. Insurers are increasingly conducting rigorous security assessments before issuing policies to mitigate risks and select better clients.

One key takeaway from the panel was the importance of visibility in deterring ransomware attacks. Callow highlighted the challenge of measuring the impact of cybersecurity actions due to a lack of comprehensive incident reporting. He emphasized the need for better visibility and reporting to assess the effectiveness of law enforcement efforts and inform policymakers.

In conclusion, the discussion at the mWISE conference underscored the urgency of addressing the ransomware threat through a combination of deterrence measures, improved cybersecurity practices, and enhanced collaboration between government agencies, private sector entities, and insurers. As the ransomware landscape evolves, continuous efforts to adapt and innovate in response to cyber threats are essential to safeguarding critical infrastructure and data.

Извор линк