Connect with us

Published

on

Anne Neuberger, deputy national security advisor for cyber and emerging technologies, speaks during a news conference in the James S. Brady Press Briefing Room at the White House in Washington, D.C., U.S., on Monday, May 10, 2021 amid the Colonial fuel pipeline ransomware attack.

Bloomberg | Bloomberg | Getty Images

With ransomware attacks surging and 2024 on track to be one of the worst years on record, U.S. officials are seeking ways to counter the threat, in some cases, urging a new approach to ransom payments.

Ann Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, wrote in a recent Financial Times opinion piece, that insurance policies — especially those covering ransomware payment reimbursements — are fueling the very same criminal ecosystems they seek to mitigate. “This is a troubling practice that must end,” she wrote, advocating for stricter cybersecurity requirements as a condition for coverage to discourage ransom payments.

Zeroing in on cyber insurance as a key area for reform comes as the U.S. government scrambles to find ways to disrupt ransomware networks. According to the latest report by the Office of the Director of National Intelligence, by mid-2024 more than 2,300 incidents already had been recorded — nearly half targeting U.S. organizations — suggesting that 2024 could exceed the 4,506 attacks recorded globally in 2023.

Yet even as policymakers scrutinize insurance practices and explore broader measures to disrupt ransomware operations, businesses are still left to grapple with the immediate question when they are under attack: Pay the ransom and potentially incentivize future attacks or refuse and risk further damage.

For many organizations, deciding whether to pay a ransom is a difficult and urgent decision. “In 2024, I attended a briefing by the FBI where they continued to advise against paying a ransom,” said Paul Underwood, vice president of security at IT services company Neovera. “However, after making that statement, they said that they understand that it’s a business decision and that when companies make that decision, it is taking into account many more factors than just ethics and good business practices. Even the FBI understood that businesses need to do whatever it takes to get back to operations,” Underwood said.

The FBI declined to comment.

“There’s no black or white here,” said cybersecurity expert Bryan Hornung, CEO of Xact IT Solutions. “There’s so many things that go into play when it comes to making the decision on whether you’re even going to entertain paying the ransom,” he said.

The urgency to restore operations can push businesses into making decisions they may not be prepared for, as does the fear of increasing damage. “The longer something goes on, the bigger the blast radius,” Hornung said. “I’ve been in rooms with CEOs who swore they’d never pay, only to reverse course when faced with prolonged downtime.”  

In addition to operational downtime, the potential exposure of sensitive data — especially if it involves customers, employees, or partners — creates heightened fear and urgency. Organizations not only face the possibility of immediate reputational damage but also class-action lawsuits from affected individuals, with the cost of litigation and settlements in some cases far outweighing the ransom demand, and driving companies to pay just to contain the fallout.

“There are lawyers out there who know how to put together class-action lawsuits based on what’s on the dark web,” Hornung said. “They have teams that find information that’s been leaked — driver’s licenses, Social Security numbers, health information — and they contact these people and tell them it’s out there. Next thing you know, you’re defending a multimillion-dollar class-action lawsuit.”  

Ransom demands, data leaks, and legal settlements

A notable example is Lehigh Valley Health Network. In 2023, the Pennsylvania-based hospital refused to pay the $5 million ransom to the ALPHV/BlackCat gang, leading to a data leak affecting 134,000 patients on the dark web, including nude photos of about 600 breast cancer patients. The fallout was severe, resulting in a class-action lawsuit, which claimed that “while LVHN is publicly patting itself on the back for standing up to these hackers and refusing to meet their ransom demands, they are consciously and internationally ignoring the real victims.”

LVHN agreed to settle the case for $65 million.

Similarly, background-check giant National Public Data is facing multiple class-action lawsuits, along with more than 20 states levying civil rights violations and possible fines by the Federal Trade Commission, after a hacker posted NPD’s database of 2.7 billion records on the dark web in April. The data included 272 million Social Security numbers, as well as full names, addresses, phone numbers and other personal data of both living and deceased individuals. The hacker group allegedly demanded a ransom to return the stolen data, though it remains unclear whether NPD paid it.

What is clear, though, is that the NPD did not immediately report the incident. Consequently, its slow and incomplete response — especially its failure to provide identity theft protection to victims — resulted in a number of legal issues, leading its parent company, Jerico Pictures, to file for Chapter 11 on Oct. 2.

NPD did not to respond to requests for comment.

Darren Williams, founder of BlackFog, a cybersecurity firm that specializes in ransomware prevention and cyber warfare, is firmly against paying ransoms. In his view, paying encourages more attacks, and once sensitive data has been exfiltrated, “it is gone forever,” he said.

Even when companies choose to pay, there’s no certainty the data will remain secure. UnitedHealth Group experienced this firsthand after its subsidiary, Change Healthcare, was hit by the ALPHV/BlackCat ransom group in April 2023. Despite paying the $22 million ransom to prevent a data leak and quickly restore operations, a second hacker group, RansomHub, angry that ALPHV/BlackCat failed to distribute the ransom to its affiliates, accessed the stolen data and demanded an additional ransom payment from Change Healthcare. While Change Healthcare hasn’t reported if it paid, the fact that the stolen data was eventually leaked on the dark web indicates their demands most likely were not met.

The fear that a ransom payment may fund hostile organizations or even violate sanctions, given the links between many cybercriminals and geopolitical enemies of the U.S., makes the decision even more precarious. For example, according to a Comparitech Ransomware Roundup, when LoanDepot was attacked by the ALPHV/BlackCat group in January, the company refused to pay the $6 million ransom demand, opting instead to pay the projected $12 million to $17 million in recovery costs. The choice was primarily motivated by concerns about funding criminal groups with potential geopolitical ties. The attack affected around 17 million customers, leaving them unable to access their accounts or make payments, and in the end, customers still filed class-action lawsuits against LoanDepot, alleging negligence and breach of contract.

American companies are behind the curve in defending against cyber hacks, says Binary's David Kennedy

Regulatory scrutiny adds another layer of complexity to the decision-making process, according to Richard Caralli, a cybersecurity expert at Axio.

On the one hand, recently implemented SEC reporting requirements, which mandate disclosures about cyber incidents of material importance, as well as ransom payments and recovery efforts, may make companies less likely to pay because they fear legal action, reputational damage, or shareholder backlash. On the other hand, some companies may still opt to pay to prioritize a quick recovery, even if it means facing those consequences later.

“The SEC reporting requirements have certainly had an effect on the way in which organizations address ransomware,” Caralli said. “Being subjected to the consequences of ransomware alone is tricky to navigate with customers, business partners, and other stakeholders, as organizations must expose their weaknesses and lack of preparedness.” 

With the passage of the Cyber Incident Reporting for Critical Infrastructure Act, set to go into effect around October 2025, many non-SEC regulated organizations will soon face similar pressures. Under this ruling, companies in critical infrastructure sectors — which are often small and mid-sized entities — will be obligated to disclose any ransomware payments, further intensifying the challenges of handling these attacks.

Cybercriminals changing nature of data attack

As fast as cyber defenses improve, cybercriminals are even quicker to adapt.

“Training, awareness, defensive techniques, and not paying all contribute to the reduction of attacks. However, it is very likely that more sophisticated hackers will find other ways to disrupt businesses,” Underwood said.

A recent report from cyber extortion specialist Coveware highlights a significant shift in ransomware patterns.

While not an entirely new tactic, hackers are increasingly relying on data exfiltration-only attacks. That means sensitive information is stolen but not encrypted, meaning victims can still access their systems. It’s a response to the fact that companies have improved their backup capabilities and become better prepared to recover from encryption-based ransomware. The ransom is demanded not for recovering encrypted files but to prevent the stolen data from being released publicly or sold on the dark web.

New attacks by lone wolf actors and nascent criminal groups have emerged following the collapse of ALPHV/BlackCat and Lockbit, according to Coveware. These two ransomware gangs were among the most prolific, with LockBit believed to have been responsible for nearly 2,300 attacks and ALPHV/BlackCat over 1,000, 75% of which were in the U.S.

BlackCat executed a planned exit after pilfering the ransom owed to its affiliates in the Change Healthcare attack. Lockbit was taken down after an international law-enforcement operation seized its platforms, hacking tools, cryptocurrency accounts, and source codes. However, even though these operations have been disrupted, ransomware infrastructures are quickly rebuilt and rebranded under new names.

“Ransomware has one of the lowest barriers to entry for any type of crime,” said BlackFog’s Williams. “Other forms of crime carry significant risks, such as jail time and death. Now, with the ability to shop on the dark web and leverage the tools of some of the most successful gangs for a small fee, the risk-to-reward ratio is quite high.”

Making ransom a last resort

One point on which cybersecurity experts universally agree is that prevention is the ultimate solution.

As a benchmark, Hornung recommends businesses allocate between one percent and three percent of their top-line revenue toward cybersecurity, with sectors like health care and financial services, which handle highly sensitive data, at the higher end of this range. “If not, you’re going to be in trouble,” he said. “Until we can get businesses to do the right things to protect, detect, and respond to these events, companies are going to get hacked and we’re going to have to deal with this challenge.”

Additionally, proactive measures such as endpoint detection — a type of “security guard” on your computer that constantly looks for signs of unusual or suspicious activity and alerts you — or response and ransomware rollback, a backup feature that kicks in and will undo damage and get you your files back if a hacker locks you out of your system, can minimize damage when an attack occurs, Underwood said.

A well-developed plan can help ensure that paying the ransom is a last resort, not the first option.

“Organizations tend to panic and have knee-jerk reactions to ransomware intrusions,” Caralli said. To avoid this, he stresses the importance of developing an incident response plan that outlines specific actions to take during a ransomware attack, including countermeasures such as reliable data backups and regular drills to ensure that recovery processes work in real-world scenarios.

Hornung says ransomware attacks — and the pressure to pay — will remain high. “Prevention is always cheaper than the cure,” he said, “but businesses are asleep at the wheel.”

The risk is not limited to large enterprises. “We work with a lot of small- and medium-sized businesses, and I say to them, ‘You’re not too small to be hacked. You’re just too small to be in the news.'”

If no organization paid the ransom, the financial benefit of ransomware attacks would be diminished, Underwood said. But he added that it wouldn’t stop hackers.

“It is probably safe to say that more organizations that do not pay would also cause attackers to stop trying or perhaps try other methods, such as stealing the data, searching for valuable assets, and selling it to interested parties,” he said. “A frustrated hacker may give up, or they will try alternative methods. They are, for the most part, on the offensive.”

Continue Reading

Technology

AI could affect 40% of jobs and widen inequality between nations, UN warns

Published

on

By

AI could affect 40% of jobs and widen inequality between nations, UN warns

Artificial intelligence robot looking at futuristic digital data display.

Yuichiro Chino | Moment | Getty Images

Artificial intelligence is projected to reach $4.8 trillion in market value by 2033, but the technology’s benefits remain highly concentrated, according to the U.N. Trade and Development agency.

In a report released on Thursday, UNCTAD said the AI market cap would roughly equate to the size of Germany’s economy, with the technology offering productivity gains and driving digital transformation. 

However, the agency also raised concerns about automation and job displacement, warning that AI could affect 40% of jobs worldwide. On top of that, AI is not inherently inclusive, meaning the economic gains from the tech remain “highly concentrated,” the report added. 

“The benefits of AI-driven automation often favour capital over labour, which could widen inequality and reduce the competitive advantage of low-cost labour in developing economies,” it said. 

The potential for AI to cause unemployment and inequality is a long-standing concern, with the IMF making similar warnings over a year ago. In January, The World Economic Forum released findings that as many as 41% of employers were planning on downsizing their staff in areas where AI could replicate them.  

However, the UNCTAD report also highlights inequalities between nations, with U.N. data showing that 40% of global corporate research and development spending in AI is concentrated among just 100 firms, mainly those in the U.S. and China. 

Furthermore, it notes that leading tech giants, such as Apple, Nvidia and Microsoft — companies that stand to benefit from the AI boom — have a market value that rivals the gross domestic product of the entire African continent. 

This AI dominance at national and corporate levels threatens to widen those technological divides, leaving many nations at risk of lagging behind, UNCTAD said. It noted that 118 countries — mostly in the Global South — are absent from major AI governance discussions. 

UN recommendations 

But AI is not just about job replacement, the report said, noting that it can also “create new industries and and empower workers” — provided there is adequate investment in reskilling and upskilling.

But in order for developing nations not to fall behind, they must “have a seat at the table” when it comes to AI regulation and ethical frameworks, it said.

In its report, UNCTAD makes a number of recommendations to the international community for driving inclusive growth. They include an AI public disclosure mechanism, shared AI infrastructure, the use of open-source AI models and initiatives to share AI knowledge and resources. 

Open-source generally refers to software in which the source code is made freely available on the web for possible modification and redistribution.

“AI can be a catalyst for progress, innovation, and shared prosperity – but only if countries actively shape its trajectory,” the report concludes. 

“Strategic investments, inclusive governance, and international cooperation are key to ensuring that AI benefits all, rather than reinforcing existing divides.”

Continue Reading

Technology

Nvidia positioned to weather Trump tariffs, chip demand ‘off the charts,’ says Altimeter’s Gerstner

Published

on

By

Nvidia positioned to weather Trump tariffs, chip demand 'off the charts,' says Altimeter's Gerstner

Altimeter CEO Brad Gerstner is buying Nvidia

Altimeter Capital CEO Brad Gerstner said Thursday that he’s moving out of the “bomb shelter” with Nvidia and into a position of safety, expecting that the chipmaker is positioned to withstand President Donald Trump’s widespread tariffs.

“The growth and the demand for GPUs is off the charts,” he told CNBC’s “Fast Money Halftime Report,” referring to Nvidia’s graphics processing units that are powering the artificial intelligence boom. He said investors just need to listen to commentary from OpenAI, Google and Elon Musk.

President Trump announced an expansive and aggressive “reciprocal tariff” policy in a ceremony at the White House on Wednesday. The plan established a 10% baseline tariff, though many countries like China, Vietnam and Taiwan are subject to steeper rates. The announcement sent stocks tumbling on Thursday, with the tech-heavy Nasdaq down more than 5%, headed for its worst day since 2022.

The big reason Nvidia may be better positioned to withstand Trump’s tariff hikes is because semiconductors are on the list of exceptions, which Gerstner called a “wise exception” due to the importance of AI.

Nvidia’s business has exploded since the release of OpenAI’s ChatGPT in 2022, and annual revenue has more than doubled in each of the past two fiscal years. After a massive rally, Nvidia’s stock price has dropped by more than 20% this year and was down almost 7% on Thursday.

Gerstner is concerned about the potential of a recession due to the tariffs, but is relatively bullish on Nvidia, and said the “negative impact from tariffs will be much less than in other areas.”

He said it’s key for the U.S. to stay competitive in AI. And while the company’s chips are designed domestically, they’re manufactured in Taiwan “because they can’t be fabricated in the U.S.” Higher tariffs would punish companies like Meta and Microsoft, he said.

“We’re in a global race in AI,” Gerstner said. “We can’t hamper our ability to win that race.”

WATCH: Brad Gerstner is buying Nvidia

Continue Reading

Technology

YouTube announces Shorts editing features amid potential TikTok ban

Published

on

By

YouTube announces Shorts editing features amid potential TikTok ban

Jaque Silva | Nurphoto | Getty Images

YouTube on Thursday announced new video creation tools for Shorts, its short-form video feed that competes against TikTok. 

The features come at a time when TikTok, which is owned by Chinese company ByteDance, is at risk of an effective ban in the U.S. if it’s not sold to an American owner by April 5.

Among the new tools is an updated video editor that allows creators to make precise adjustments and edits, a feature that automatically syncs video cuts to the beat of a song and AI stickers.

The creator tools will become available later this spring, said YouTube, which is owned by Google

Along with the new features, YouTube last week said it was changing the way view counts are tabulated on Shorts. Under the new guidelines, Shorts views will count the number of times the video is played or replayed with no minimum watch time requirement. 

Previously, views were only counted if a video was played for a certain number of seconds. This new tabulation method is similar to how views are counted on TikTok and Meta’s Reels, and will likely inflate view counts.

“We got this feedback from creators that this is what they wanted. It’s a way for them to better understand when their Shorts have been seen,” YouTube Chief Product Officer Johanna Voolich said in a YouTube video. “It’s useful for creators who post across multiple platforms.”

WATCH: TikTok is a digital Trojan horse, says Hayman Capital’s Kyle Bass

TikTok is a digital Trojan horse, says Hayman Capital's Kyle Bass

Continue Reading

Trending