Like what you've read?

On Line Opinion is the only Australian site where you get all sides of the story. We don't
charge, but we need your support. Here�s how you can help.

  • Advertise

    We have a monthly audience of 70,000 and advertising packages from $200 a month.

  • Volunteer

    We always need commissioning editors and sub-editors.

  • Contribute

    Got something to say? Submit an essay.


 The National Forum   Donate   Your Account   On Line Opinion   Forum   Blogs   Polling   About   
On Line Opinion logo ON LINE OPINION - Australia's e-journal of social and political debate

Subscribe!
Subscribe





On Line Opinion is a not-for-profit publication and relies on the generosity of its sponsors, editors and contributors. If you would like to help, contact us.
___________

Syndicate
RSS/XML


RSS 2.0

How to stop ransomware

By David Balaban - posted Wednesday, 16 March 2016


Cons:

  • Making it illegal is criminalizing the victim.
  • In some cases, paying the ransom is the only hope the victim has of getting their data back. And there can be incidents when lives depend on data.
  • It's difficult to enforce any ad-hoc laws because it's problematic to prove that money was ever paid out.
  • Victims' sole goal is to just recover their files rather than support criminals.

Other proposals on stopping ransomware:

Advertisement
  1. All ransomware incidents should be reported to the Internet crime complaint institutions for further investigation. Ransomware attacks are growing, having all the official stats, crime complaint institutions may also facilitate the introduction of proper legislation to address the extortion vector of cybercrime.
  2. Extradition agreements should be expanded and more countries involved. Since the criminal rings behind most ransomware scams operate from Russia and a number of other Eastern European countries, they stay on the loose due to imperfections of local law enforcement. The fear of being apprehended for cyber felony and handed over to the jurisdiction of another state should make the scoundrels think twice before pulling off another attack.
  3. ISO standards could be toughened in terms of cybersecurity training and backup implementation. Offsite backups can significantly mitigate the damage from ransomware assaults. Furthermore, most of these Trojans propagate via social engineering based on malicious email attachments, therefore, personnel training on some typical malware injection scenarios should reduce the overall ransomware success rate.
  4. Digital money exchange companies should be certified and transparent. Crypto malware operators cover their tracks by taking advantage of Bitcoin system's anonymity. Allowing law enforcement to monitor ransomware-related payments could help find and arrest the extortionists. On the other hand, anonymity is Bitcoin's main virtue for law-abiding people, so this is still a very controversial issue.
  5. Put the most important information on paper. Any electronic data is vulnerable. Paper worked for centuries and can help in many cases. You cannot steal twenty million records without several trucks.

If the proposal to criminalize ransom payments is taken, the law should be equal for all. For instance, police departments should not pay either, which is not the case at this point. Surveillance authorities collecting our data should be punished the most. They mine immense amounts of citizens' data, and they insist they need more of it but fail to keep it appropriately while facing no real accountability.

Policymakers should adapt to the present-day cybercrime realm. The security industry and law enforcement proved to be completely helpless in face of ransomware. Not only have authorities failed to stop this threat, but ransomware just grows exponentially. At this point, there are hardly any obstacles to the progress of file-encrypting malware.

  1. Pages:
  2. 1
  3. Page 2
  4. All


Discuss in our Forums

See what other readers are saying about this article!

Click here to read & post comments.

9 posts so far.

Share this:
reddit this reddit thisbookmark with del.icio.us Del.icio.usdigg thisseed newsvineSeed NewsvineStumbleUpon StumbleUponsubmit to propellerkwoff it

About the Author

David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project.

Other articles by this Author

All articles by David Balaban

Creative Commons LicenseThis work is licensed under a Creative Commons License.

Article Tools
Comment 9 comments
Print Printable version
Subscribe Subscribe
Email Email a friend
Advertisement

About Us Search Discuss Feedback Legals Privacy