The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks
Anne Neuberger, deputy national security advisor for cyber and emerging technologies, speaks during a news conference in the James S. Brady Press Briefing Room at the White House in Washington, D.C., U.S., on Monday, May 10, 2021 amid the Colonial fuel pipeline ransomware attack.
Bloomberg | Bloomberg | Getty Images
With ransomware attacks surging and 2024 on track to be one of the worst years on record, U.S. officials are seeking ways to counter the threat, in some cases, urging a new approach to ransom payments.
Ann Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, wrote in a recent Financial Times opinion piece, that insurance policies — especially those covering ransomware payment reimbursements — are fueling the very same criminal ecosystems they seek to mitigate. “This is a troubling practice that must end,” she wrote, advocating for stricter cybersecurity requirements as a condition for coverage to discourage ransom payments.
Zeroing in on cyber insurance as a key area for reform comes as the U.S. government scrambles to find ways to disrupt ransomware networks. According to the latest report by the Office of the Director of National Intelligence, by mid-2024 more than 2,300 incidents already had been recorded — nearly half targeting U.S. organizations — suggesting that 2024 could exceed the 4,506 attacks recorded globally in 2023.
Yet even as policymakers scrutinize insurance practices and explore broader measures to disrupt ransomware operations, businesses are still left to grapple with the immediate question when they are under attack: Pay the ransom and potentially incentivize future attacks or refuse and risk further damage.
For many organizations, deciding whether to pay a ransom is a difficult and urgent decision. “In 2024, I attended a briefing by the FBI where they continued to advise against paying a ransom,” said Paul Underwood, vice president of security at IT services company Neovera. “However, after making that statement, they said that they understand that it’s a business decision and that when companies make that decision, it is taking into account many more factors than just ethics and good business practices. Even the FBI understood that businesses need to do whatever it takes to get back to operations,” Underwood said.
The FBI declined to comment.
“There’s no black or white here,” said cybersecurity expert Bryan Hornung, CEO of Xact IT Solutions. “There’s so many things that go into play when it comes to making the decision on whether you’re even going to entertain paying the ransom,” he said.
The urgency to restore operations can push businesses into making decisions they may not be prepared for, as does the fear of increasing damage. “The longer something goes on, the bigger the blast radius,” Hornung said. “I’ve been in rooms with CEOs who swore they’d never pay, only to reverse course when faced with prolonged downtime.”
In addition to operational downtime, the potential exposure of sensitive data — especially if it involves customers, employees, or partners — creates heightened fear and urgency. Organizations not only face the possibility of immediate reputational damage but also class-action lawsuits from affected individuals, with the cost of litigation and settlements in some cases far outweighing the ransom demand, and driving companies to pay just to contain the fallout.
“There are lawyers out there who know how to put together class-action lawsuits based on what’s on the dark web,” Hornung said. “They have teams that find information that’s been leaked — driver’s licenses, Social Security numbers, health information — and they contact these people and tell them it’s out there. Next thing you know, you’re defending a multimillion-dollar class-action lawsuit.”
Ransom demands, data leaks, and legal settlements
A notable example is Lehigh Valley Health Network. In 2023, the Pennsylvania-based hospital refused to pay the $5 million ransom to the ALPHV/BlackCat gang, leading to a data leak affecting 134,000 patients on the dark web, including nude photos of about 600 breast cancer patients. The fallout was severe, resulting in a class-action lawsuit, which claimed that “while LVHN is publicly patting itself on the back for standing up to these hackers and refusing to meet their ransom demands, they are consciously and internationally ignoring the real victims.”
LVHN agreed to settle the case for $65 million.
Similarly, background-check giant National Public Data is facing multiple class-action lawsuits, along with more than 20 states levying civil rights violations and possible fines by the Federal Trade Commission, after a hacker posted NPD’s database of 2.7 billion records on the dark web in April. The data included 272 million Social Security numbers, as well as full names, addresses, phone numbers and other personal data of both living and deceased individuals. The hacker group allegedly demanded a ransom to return the stolen data, though it remains unclear whether NPD paid it.
What is clear, though, is that the NPD did not immediately report the incident. Consequently, its slow and incomplete response — especially its failure to provide identity theft protection to victims — resulted in a number of legal issues, leading its parent company, Jerico Pictures, to file for Chapter 11 on Oct. 2.
NPD did not to respond to requests for comment.
Darren Williams, founder of BlackFog, a cybersecurity firm that specializes in ransomware prevention and cyber warfare, is firmly against paying ransoms. In his view, paying encourages more attacks, and once sensitive data has been exfiltrated, “it is gone forever,” he said.
Even when companies choose to pay, there’s no certainty the data will remain secure. UnitedHealth Group experienced this firsthand after its subsidiary, Change Healthcare, was hit by the ALPHV/BlackCat ransom group in April 2023. Despite paying the $22 million ransom to prevent a data leak and quickly restore operations, a second hacker group, RansomHub, angry that ALPHV/BlackCat failed to distribute the ransom to its affiliates, accessed the stolen data and demanded an additional ransom payment from Change Healthcare. While Change Healthcare hasn’t reported if it paid, the fact that the stolen data was eventually leaked on the dark web indicates their demands most likely were not met.
The fear that a ransom payment may fund hostile organizations or even violate sanctions, given the links between many cybercriminals and geopolitical enemies of the U.S., makes the decision even more precarious. For example, according to a Comparitech Ransomware Roundup, when LoanDepot was attacked by the ALPHV/BlackCat group in January, the company refused to pay the $6 million ransom demand, opting instead to pay the projected $12 million to $17 million in recovery costs. The choice was primarily motivated by concerns about funding criminal groups with potential geopolitical ties. The attack affected around 17 million customers, leaving them unable to access their accounts or make payments, and in the end, customers still filed class-action lawsuits against LoanDepot, alleging negligence and breach of contract.
Regulatory scrutiny adds another layer of complexity to the decision-making process, according to Richard Caralli, a cybersecurity expert at Axio.
On the one hand, recently implemented SEC reporting requirements, which mandate disclosures about cyber incidents of material importance, as well as ransom payments and recovery efforts, may make companies less likely to pay because they fear legal action, reputational damage, or shareholder backlash. On the other hand, some companies may still opt to pay to prioritize a quick recovery, even if it means facing those consequences later.
“The SEC reporting requirements have certainly had an effect on the way in which organizations address ransomware,” Caralli said. “Being subjected to the consequences of ransomware alone is tricky to navigate with customers, business partners, and other stakeholders, as organizations must expose their weaknesses and lack of preparedness.”
With the passage of the Cyber Incident Reporting for Critical Infrastructure Act, set to go into effect around October 2025, many non-SEC regulated organizations will soon face similar pressures. Under this ruling, companies in critical infrastructure sectors — which are often small and mid-sized entities — will be obligated to disclose any ransomware payments, further intensifying the challenges of handling these attacks.
Cybercriminals changing nature of data attack
As fast as cyber defenses improve, cybercriminals are even quicker to adapt.
“Training, awareness, defensive techniques, and not paying all contribute to the reduction of attacks. However, it is very likely that more sophisticated hackers will find other ways to disrupt businesses,” Underwood said.
A recent report from cyber extortion specialist Coveware highlights a significant shift in ransomware patterns.
While not an entirely new tactic, hackers are increasingly relying on data exfiltration-only attacks. That means sensitive information is stolen but not encrypted, meaning victims can still access their systems. It’s a response to the fact that companies have improved their backup capabilities and become better prepared to recover from encryption-based ransomware. The ransom is demanded not for recovering encrypted files but to prevent the stolen data from being released publicly or sold on the dark web.
New attacks by lone wolf actors and nascent criminal groups have emerged following the collapse of ALPHV/BlackCat and Lockbit, according to Coveware. These two ransomware gangs were among the most prolific, with LockBit believed to have been responsible for nearly 2,300 attacks and ALPHV/BlackCat over 1,000, 75% of which were in the U.S.
BlackCat executed a planned exit after pilfering the ransom owed to its affiliates in the Change Healthcare attack. Lockbit was taken down after an international law-enforcement operation seized its platforms, hacking tools, cryptocurrency accounts, and source codes. However, even though these operations have been disrupted, ransomware infrastructures are quickly rebuilt and rebranded under new names.
“Ransomware has one of the lowest barriers to entry for any type of crime,” said BlackFog’s Williams. “Other forms of crime carry significant risks, such as jail time and death. Now, with the ability to shop on the dark web and leverage the tools of some of the most successful gangs for a small fee, the risk-to-reward ratio is quite high.”
Making ransom a last resort
One point on which cybersecurity experts universally agree is that prevention is the ultimate solution.
As a benchmark, Hornung recommends businesses allocate between one percent and three percent of their top-line revenue toward cybersecurity, with sectors like health care and financial services, which handle highly sensitive data, at the higher end of this range. “If not, you’re going to be in trouble,” he said. “Until we can get businesses to do the right things to protect, detect, and respond to these events, companies are going to get hacked and we’re going to have to deal with this challenge.”
Additionally, proactive measures such as endpoint detection — a type of “security guard” on your computer that constantly looks for signs of unusual or suspicious activity and alerts you — or response and ransomware rollback, a backup feature that kicks in and will undo damage and get you your files back if a hacker locks you out of your system, can minimize damage when an attack occurs, Underwood said.
A well-developed plan can help ensure that paying the ransom is a last resort, not the first option.
“Organizations tend to panic and have knee-jerk reactions to ransomware intrusions,” Caralli said. To avoid this, he stresses the importance of developing an incident response plan that outlines specific actions to take during a ransomware attack, including countermeasures such as reliable data backups and regular drills to ensure that recovery processes work in real-world scenarios.
Hornung says ransomware attacks — and the pressure to pay — will remain high. “Prevention is always cheaper than the cure,” he said, “but businesses are asleep at the wheel.”
The risk is not limited to large enterprises. “We work with a lot of small- and medium-sized businesses, and I say to them, ‘You’re not too small to be hacked. You’re just too small to be in the news.'”
If no organization paid the ransom, the financial benefit of ransomware attacks would be diminished, Underwood said. But he added that it wouldn’t stop hackers.
“It is probably safe to say that more organizations that do not pay would also cause attackers to stop trying or perhaps try other methods, such as stealing the data, searching for valuable assets, and selling it to interested parties,” he said. “A frustrated hacker may give up, or they will try alternative methods. They are, for the most part, on the offensive.”
Formula One F1 – United States Grand Prix – Circuit of the Americas, Austin, Texas, U.S. – October 23, 2022 Tim Cook waves the chequered flag to the race winner Red Bull’s Max Verstappen
Mike Segar | Reuters
Apple had two major launches last month. They couldn’t have been more different.
First, Apple revealed some of the artificial intelligence advancements it had been working on in the past year when it released developer versions of its operating systems to muted applause at its annual developer’s conference, WWDC. Then, at the end of the month, Apple hit the red carpet as its first true blockbuster movie, “F1,” debuted to over $155 million — and glowing reviews — in its first weekend.
While “F1” was a victory lap for Apple, highlighting the strength of its long-term outlook, the growth of its services business and its ability to tap into culture, Wall Street’s reaction to the company’s AI announcements at WWDC suggest there’s some trouble underneath the hood.
“F1” showed Apple at its best — in particular, its ability to invest in new, long-term projects. When Apple TV+ launched in 2019, it had only a handful of original shows and one movie, a film festival darling called “Hala” that didn’t even share its box office revenue.
Despite Apple TV+ being written off as a costly side-project, Apple stuck with its plan over the years, expanding its staff and operation in Culver City, California. That allowed the company to build up Hollywood connections, especially for TV shows, and build an entertainment track record. Now, an Apple Original can lead the box office on a summer weekend, the prime season for blockbuster films.
The success of “F1” also highlights Apple’s significant marketing machine and ability to get big-name talent to appear with its leadership. Apple pulled out all the stops to market the movie, including using its Wallet app to send a push notification with a discount for tickets to the film. To promote “F1,” Cook appeared with movie star Brad Pitt at an Apple store in New York and posted a video with actual F1 racer Lewis Hamilton, who was one of the film’s producers.
(L-R) Brad Pitt, Lewis Hamilton, Tim Cook, and Damson Idris attend the World Premiere of “F1: The Movie” in Times Square on June 16, 2025 in New York City.
Jamie Mccarthy | Getty Images Entertainment | Getty Images
Although Apple services chief Eddy Cue said in a recent interview that Apple needs the its film business to be profitable to “continue to do great things,” “F1” isn’t just about the bottom line for the company.
Apple’s Hollywood productions are perhaps the most prominent face of the company’s services business, a profit engine that has been an investor favorite since the iPhone maker started highlighting the division in 2016.
Films will only ever be a small fraction of the services unit, which also includes payments, iCloud subscriptions, magazine bundles, Apple Music, game bundles, warranties, fees related to digital payments and ad sales. Plus, even the biggest box office smashes would be small on Apple’s scale — the company does over $1 billion in sales on average every day.
But movies are the only services component that can get celebrities like Pitt or George Clooney to appear next to an Apple logo — and the success of “F1” means that Apple could do more big popcorn films in the future.
“Nothing breeds success or inspires future investment like a current success,” said Comscore senior media analyst Paul Dergarabedian.
But if “F1” is a sign that Apple’s services business is in full throttle, the company’s AI struggles are a “check engine” light that won’t turn off.
Replacing Siri’s engine
At WWDC last month, Wall Street was eager to hear about the company’s plans for Apple Intelligence, its suite of AI features that it first revealed in 2024. Apple Intelligence, which is a key tenet of the company’s hardware products, had a rollout marred by delays and underwhelming features.
Apple spent most of WWDC going over smaller machine learning features, but did not reveal what investors and consumers increasingly want: A sophisticated Siri that can converse fluidly and get stuff done, like making a restaurant reservation. In the age of OpenAI’s ChatGPT, Anthropic’s Claude and Google’s Gemini, the expectation of AI assistants among consumers is growing beyond “Siri, how’s the weather?”
The company had previewed a significantly improved Siri in the summer of 2024, but earlier this year, those features were delayed to sometime in 2026. At WWDC, Apple didn’t offer any updates about the improved Siri beyond that the company was “continuing its work to deliver” the features in the “coming year.” Some observers reduced their expectations for Apple’s AI after the conference.
“Current expectations for Apple Intelligence to kickstart a super upgrade cycle are too high, in our view,” wrote Jefferies analysts this week.
Siri should be an example of how Apple’s ability to improve products and projects over the long-term makes it tough to compete with.
It beat nearly every other voice assistant to market when it first debuted on iPhones in 2011. Fourteen years later, Siri remains essentially the same one-off, rigid, question-and-answer system that struggles with open-ended questions and dates, even after the invention in recent years of sophisticated voice bots based on generative AI technology that can hold a conversation.
Apple’s strongest rivals, including Android parent Google, have done way more to integrate sophisticated AI assistants into their devices than Apple has. And Google doesn’t have the same reflex against collecting data and cloud processing as privacy-obsessed Apple.
Some analysts have said they believe Apple has a few years before the company’s lack of competitive AI features will start to show up in device sales, given the company’s large installed base and high customer loyalty. But Apple can’t get lapped before it re-enters the race, and its former design guru Jony Ive is now working on new hardware with OpenAI, ramping up the pressure in Cupertino.
“The three-year problem, which is within an investment time frame, is that Android is racing ahead,” Needham senior internet analyst Laura Martin said on CNBC this week.
Apple’s services success with projects like “F1” is an example of what the company can do when it sets clear goals in public and then executes them over extended time-frames.
Its AI strategy could use a similar long-term plan, as customers and investors wonder when Apple will fully embrace the technology that has captivated Silicon Valley.
Wall Street’s anxiety over Apple’s AI struggles was evident this week after Bloomberg reported that Apple was considering replacing Siri’s engine with Anthropic or OpenAI’s technology, as opposed to its own foundation models.
The move, if it were to happen, would contradict one of Apple’s most important strategies in the Cook era: Apple wants to own its core technologies, like the touchscreen, processor, modem and maps software, not buy them from suppliers.
Using external technology would be an admission that Apple Foundation Models aren’t good enough yet for what the company wants to do with Siri.
“They’ve fallen farther and farther behind, and they need to supercharge their generative AI efforts” Martin said. “They can’t do that internally.”
Apple might even pay billions for the use of Anthropic’s AI software, according to the Bloomberg report. If Apple were to pay for AI, it would be a reversal from current services deals, like the search deal with Alphabet where the Cupertino company gets paid $20 billion per year to push iPhone traffic to Google Search.
The company didn’t confirm the report and declined comment, but Wall Street welcomed the report and Apple shares rose.
In the world of AI in Silicon Valley, signing bonuses for the kinds of engineers that can develop new models can range up to $100 million, according to OpenAI CEO Sam Altman.
“I can’t see Apple doing that,” Martin said.
Earlier this week, Meta CEO Mark Zuckerberg sent a memo bragging about hiring 11 AI experts from companies such as OpenAI, Anthropic, and Google’s DeepMind. That came after Zuckerberg hired Scale AI CEO Alexandr Wang to lead a new AI division as part of a $14.3 billion deal.
Meta’s not the only company to spend hundreds of millions on AI celebrities to get them in the building. Google spent big to hire away the founders of Character.AI, Microsoft got its AI leader by striking a deal with Inflection and Amazon hired the executive team of Adept to bulk up its AI roster.
Apple, on the other hand, hasn’t announced any big AI hires in recent years. While Cook rubs shoulders with Pitt, the actual race may be passing Apple by.
Tesla CEO Elon Musk speaks alongside U.S. President Donald Trump to reporters in the Oval Office of the White House on May 30, 2025 in Washington, DC.
Kevin Dietsch | Getty Images
Tesla CEO Elon Musk, who bombarded President Donald Trump‘s signature spending bill for weeks, on Friday made his first comments since the legislation passed.
Musk backed a post on X by Sen. Rand Paul, R-Ky., who said the bill’s budget “explodes the deficit” and continues a pattern of “short-term politicking over long-term sustainability.”
The House of Representatives narrowly passed the One Big Beautiful Bill Act on Thursday, sending it to Trump to sign into law.
Paul and Musk have been vocal opponents of Trump’s tax and spending bill, and repeatedly called out the potential for the spending package to increase the national debt.
On Monday, Musk called it the “DEBT SLAVERY bill.”
The independent Congressional Budget Office has said the bill could add $3.4 trillion to the $36.2 trillion of U.S. debt over the next decade. The White House has labeled the agency as “partisan” and continuously refuted the CBO’s estimates.
The bill includes trillions of dollars in tax cuts, increased spending for immigration enforcement and large cuts to funding for Medicaid and other programs.
It also cuts tax credits and support for solar and wind energy and electric vehicles, a particularly sore spot for Musk, who has several companies that benefit from the programs.
“I took away his EV Mandate that forced everyone to buy Electric Cars that nobody else wanted (that he knew for months I was going to do!), and he just went CRAZY!” Trump wrote in a social media post in early June as the pair traded insults and threats.
Shares of Tesla plummeted as the feud intensified, with the company losing $152 billion in market cap on June 5 and putting the company below $1 trillion in value. The stock has largely rebounded since, but is still below where it was trading before the ruckus with Trump.
Tesla one-month stock chart.
— CNBC’s Kevin Breuninger and Erin Doherty contributed to this article.
Microsoft CEO Satya Nadella speaks at the Axel Springer building in Berlin on Oct. 17, 2023. He received the annual Axel Springer Award.
Ben Kriemann | Getty Images
Among the thousands of Microsoft employees who lost their jobs in the cutbacks announced this week were 830 staffers in the company’s home state of Washington.
Nearly a dozen game design workers in the state were part of the layoffs, along with three audio designers, two mechanical engineers, one optical engineer and one lab technician, according to a document Microsoft submitted to Washington employment officials.
There were also five individual contributors and one manager at the Microsoft Research division in the cuts, as well as 10 lawyers and six hardware engineers, the document shows.
Microsoft announced plans on Wednesday to eliminate 9,000 jobs, as part of an effort to eliminate redundancy and to encourage employees to focus on more meaningful work by adopting new technologies, a person familiar with the matter told CNBC. The person asked not to be named while discussing private matters.
Scores of Microsoft salespeople and video game developers have since come forward on social media to announce their departure. In April, Microsoft said revenue from Xbox content and services grew 8%, trailing overall growth of 13%.
In sales, the company parted ways with 16 customer success account management staff members based in Washington, 28 in sales strategy enablement and another five in sales compensation. One Washington-based government affairs worker was also laid off.
Microsoft eliminated 17 jobs in cloud solution architecture in the state, according to the document. The company’s fastest revenue growth comes from Azure and other cloud services that customers buy based on usage.
CEO Satya Nadella has not publicly commented on the layoffs, and Microsoft didn’t immediately provide a comment about the cuts in Washington. On a conference call with analysts in April, Microsoft CFO Amy Hood said the company had a “focus on cost efficiencies” during the March quarter.
WATCH: Microsoft layoffs not performance-based, largely targeting middle managers
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Sports2 years agoButton battles heat exhaustion in NASCAR debut
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike