Connect with us

Published

on

Anne Neuberger, deputy national security advisor for cyber and emerging technologies, speaks during a news conference in the James S. Brady Press Briefing Room at the White House in Washington, D.C., U.S., on Monday, May 10, 2021 amid the Colonial fuel pipeline ransomware attack.

Bloomberg | Bloomberg | Getty Images

With ransomware attacks surging and 2024 on track to be one of the worst years on record, U.S. officials are seeking ways to counter the threat, in some cases, urging a new approach to ransom payments.

Ann Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, wrote in a recent Financial Times opinion piece, that insurance policies — especially those covering ransomware payment reimbursements — are fueling the very same criminal ecosystems they seek to mitigate. “This is a troubling practice that must end,” she wrote, advocating for stricter cybersecurity requirements as a condition for coverage to discourage ransom payments.

Zeroing in on cyber insurance as a key area for reform comes as the U.S. government scrambles to find ways to disrupt ransomware networks. According to the latest report by the Office of the Director of National Intelligence, by mid-2024 more than 2,300 incidents already had been recorded — nearly half targeting U.S. organizations — suggesting that 2024 could exceed the 4,506 attacks recorded globally in 2023.

Yet even as policymakers scrutinize insurance practices and explore broader measures to disrupt ransomware operations, businesses are still left to grapple with the immediate question when they are under attack: Pay the ransom and potentially incentivize future attacks or refuse and risk further damage.

For many organizations, deciding whether to pay a ransom is a difficult and urgent decision. “In 2024, I attended a briefing by the FBI where they continued to advise against paying a ransom,” said Paul Underwood, vice president of security at IT services company Neovera. “However, after making that statement, they said that they understand that it’s a business decision and that when companies make that decision, it is taking into account many more factors than just ethics and good business practices. Even the FBI understood that businesses need to do whatever it takes to get back to operations,” Underwood said.

The FBI declined to comment.

“There’s no black or white here,” said cybersecurity expert Bryan Hornung, CEO of Xact IT Solutions. “There’s so many things that go into play when it comes to making the decision on whether you’re even going to entertain paying the ransom,” he said.

The urgency to restore operations can push businesses into making decisions they may not be prepared for, as does the fear of increasing damage. “The longer something goes on, the bigger the blast radius,” Hornung said. “I’ve been in rooms with CEOs who swore they’d never pay, only to reverse course when faced with prolonged downtime.”  

In addition to operational downtime, the potential exposure of sensitive data — especially if it involves customers, employees, or partners — creates heightened fear and urgency. Organizations not only face the possibility of immediate reputational damage but also class-action lawsuits from affected individuals, with the cost of litigation and settlements in some cases far outweighing the ransom demand, and driving companies to pay just to contain the fallout.

“There are lawyers out there who know how to put together class-action lawsuits based on what’s on the dark web,” Hornung said. “They have teams that find information that’s been leaked — driver’s licenses, Social Security numbers, health information — and they contact these people and tell them it’s out there. Next thing you know, you’re defending a multimillion-dollar class-action lawsuit.”  

Ransom demands, data leaks, and legal settlements

A notable example is Lehigh Valley Health Network. In 2023, the Pennsylvania-based hospital refused to pay the $5 million ransom to the ALPHV/BlackCat gang, leading to a data leak affecting 134,000 patients on the dark web, including nude photos of about 600 breast cancer patients. The fallout was severe, resulting in a class-action lawsuit, which claimed that “while LVHN is publicly patting itself on the back for standing up to these hackers and refusing to meet their ransom demands, they are consciously and internationally ignoring the real victims.”

LVHN agreed to settle the case for $65 million.

Similarly, background-check giant National Public Data is facing multiple class-action lawsuits, along with more than 20 states levying civil rights violations and possible fines by the Federal Trade Commission, after a hacker posted NPD’s database of 2.7 billion records on the dark web in April. The data included 272 million Social Security numbers, as well as full names, addresses, phone numbers and other personal data of both living and deceased individuals. The hacker group allegedly demanded a ransom to return the stolen data, though it remains unclear whether NPD paid it.

What is clear, though, is that the NPD did not immediately report the incident. Consequently, its slow and incomplete response — especially its failure to provide identity theft protection to victims — resulted in a number of legal issues, leading its parent company, Jerico Pictures, to file for Chapter 11 on Oct. 2.

NPD did not to respond to requests for comment.

Darren Williams, founder of BlackFog, a cybersecurity firm that specializes in ransomware prevention and cyber warfare, is firmly against paying ransoms. In his view, paying encourages more attacks, and once sensitive data has been exfiltrated, “it is gone forever,” he said.

Even when companies choose to pay, there’s no certainty the data will remain secure. UnitedHealth Group experienced this firsthand after its subsidiary, Change Healthcare, was hit by the ALPHV/BlackCat ransom group in April 2023. Despite paying the $22 million ransom to prevent a data leak and quickly restore operations, a second hacker group, RansomHub, angry that ALPHV/BlackCat failed to distribute the ransom to its affiliates, accessed the stolen data and demanded an additional ransom payment from Change Healthcare. While Change Healthcare hasn’t reported if it paid, the fact that the stolen data was eventually leaked on the dark web indicates their demands most likely were not met.

The fear that a ransom payment may fund hostile organizations or even violate sanctions, given the links between many cybercriminals and geopolitical enemies of the U.S., makes the decision even more precarious. For example, according to a Comparitech Ransomware Roundup, when LoanDepot was attacked by the ALPHV/BlackCat group in January, the company refused to pay the $6 million ransom demand, opting instead to pay the projected $12 million to $17 million in recovery costs. The choice was primarily motivated by concerns about funding criminal groups with potential geopolitical ties. The attack affected around 17 million customers, leaving them unable to access their accounts or make payments, and in the end, customers still filed class-action lawsuits against LoanDepot, alleging negligence and breach of contract.

American companies are behind the curve in defending against cyber hacks, says Binary's David Kennedy

Regulatory scrutiny adds another layer of complexity to the decision-making process, according to Richard Caralli, a cybersecurity expert at Axio.

On the one hand, recently implemented SEC reporting requirements, which mandate disclosures about cyber incidents of material importance, as well as ransom payments and recovery efforts, may make companies less likely to pay because they fear legal action, reputational damage, or shareholder backlash. On the other hand, some companies may still opt to pay to prioritize a quick recovery, even if it means facing those consequences later.

“The SEC reporting requirements have certainly had an effect on the way in which organizations address ransomware,” Caralli said. “Being subjected to the consequences of ransomware alone is tricky to navigate with customers, business partners, and other stakeholders, as organizations must expose their weaknesses and lack of preparedness.” 

With the passage of the Cyber Incident Reporting for Critical Infrastructure Act, set to go into effect around October 2025, many non-SEC regulated organizations will soon face similar pressures. Under this ruling, companies in critical infrastructure sectors — which are often small and mid-sized entities — will be obligated to disclose any ransomware payments, further intensifying the challenges of handling these attacks.

Cybercriminals changing nature of data attack

As fast as cyber defenses improve, cybercriminals are even quicker to adapt.

“Training, awareness, defensive techniques, and not paying all contribute to the reduction of attacks. However, it is very likely that more sophisticated hackers will find other ways to disrupt businesses,” Underwood said.

A recent report from cyber extortion specialist Coveware highlights a significant shift in ransomware patterns.

While not an entirely new tactic, hackers are increasingly relying on data exfiltration-only attacks. That means sensitive information is stolen but not encrypted, meaning victims can still access their systems. It’s a response to the fact that companies have improved their backup capabilities and become better prepared to recover from encryption-based ransomware. The ransom is demanded not for recovering encrypted files but to prevent the stolen data from being released publicly or sold on the dark web.

New attacks by lone wolf actors and nascent criminal groups have emerged following the collapse of ALPHV/BlackCat and Lockbit, according to Coveware. These two ransomware gangs were among the most prolific, with LockBit believed to have been responsible for nearly 2,300 attacks and ALPHV/BlackCat over 1,000, 75% of which were in the U.S.

BlackCat executed a planned exit after pilfering the ransom owed to its affiliates in the Change Healthcare attack. Lockbit was taken down after an international law-enforcement operation seized its platforms, hacking tools, cryptocurrency accounts, and source codes. However, even though these operations have been disrupted, ransomware infrastructures are quickly rebuilt and rebranded under new names.

“Ransomware has one of the lowest barriers to entry for any type of crime,” said BlackFog’s Williams. “Other forms of crime carry significant risks, such as jail time and death. Now, with the ability to shop on the dark web and leverage the tools of some of the most successful gangs for a small fee, the risk-to-reward ratio is quite high.”

Making ransom a last resort

One point on which cybersecurity experts universally agree is that prevention is the ultimate solution.

As a benchmark, Hornung recommends businesses allocate between one percent and three percent of their top-line revenue toward cybersecurity, with sectors like health care and financial services, which handle highly sensitive data, at the higher end of this range. “If not, you’re going to be in trouble,” he said. “Until we can get businesses to do the right things to protect, detect, and respond to these events, companies are going to get hacked and we’re going to have to deal with this challenge.”

Additionally, proactive measures such as endpoint detection — a type of “security guard” on your computer that constantly looks for signs of unusual or suspicious activity and alerts you — or response and ransomware rollback, a backup feature that kicks in and will undo damage and get you your files back if a hacker locks you out of your system, can minimize damage when an attack occurs, Underwood said.

A well-developed plan can help ensure that paying the ransom is a last resort, not the first option.

“Organizations tend to panic and have knee-jerk reactions to ransomware intrusions,” Caralli said. To avoid this, he stresses the importance of developing an incident response plan that outlines specific actions to take during a ransomware attack, including countermeasures such as reliable data backups and regular drills to ensure that recovery processes work in real-world scenarios.

Hornung says ransomware attacks — and the pressure to pay — will remain high. “Prevention is always cheaper than the cure,” he said, “but businesses are asleep at the wheel.”

The risk is not limited to large enterprises. “We work with a lot of small- and medium-sized businesses, and I say to them, ‘You’re not too small to be hacked. You’re just too small to be in the news.'”

If no organization paid the ransom, the financial benefit of ransomware attacks would be diminished, Underwood said. But he added that it wouldn’t stop hackers.

“It is probably safe to say that more organizations that do not pay would also cause attackers to stop trying or perhaps try other methods, such as stealing the data, searching for valuable assets, and selling it to interested parties,” he said. “A frustrated hacker may give up, or they will try alternative methods. They are, for the most part, on the offensive.”

Continue Reading

Technology

How TikTok’s rise sparked a short-form video race

Published

on

By

How TikTok’s rise sparked a short-form video race

TikTok’s grip on the short-form video market is tightening, and the world’s biggest tech platforms are racing to catch up.

Since launching globally in 2016, ByteDance-owned TikTok has amassed over 1.12 billion monthly active users worldwide, according to Backlinko. American users spend an average of 108 minutes per day on the app, according to Apptoptia.

TikTok’s success has reshaped the social media landscape, forcing competitors like Meta and Google to pivot their strategies around short-form video. But so far, experts say that none have matched TikTok’s algorithmic precision.

“It is the center of the internet for young people,” said Jasmine Enberg, vice president and principal analyst at Emarketer. “It’s where they go for entertainment, news, trends, even shopping. TikTok sets the tone for everyone else.”

Platforms like Meta‘s Instagram Reels and Google’s YouTube Shorts have expanded aggressively, launching new features, creator tools and even considering separate apps just to compete. Microsoft-owned LinkedIn, traditionally a professional networking site, is the latest to experiment with TikTok-style feeds. But with TikTok continuing to evolve, adding features like e-commerce integrations and longer videos, the question remains whether rivals can keep up.

“I’m scrolling every single day. I doom scroll all the time,” said TikTok content creator Alyssa McKay.

But there may a dark side to this growth.

As short-form content consumption soars, experts warn about shrinking attention spans and rising mental-health concerns, particularly among younger users. Researchers like Dr. Yann Poncin, associate professor at the Child Study Center at Yale University, point to disrupted sleep patterns and increased anxiety levels tied to endless scrolling habits.

“Infinite scrolling and short-form video are designed to capture your attention in short bursts,” Dr. Poncin said. “In the past, entertainment was about taking you on a journey through a show or story. Now, it’s about locking you in for just a few seconds, just enough to feed you the next thing the algorithm knows you’ll like.”

Despite sky-high engagement, monetizing short videos remains an uphill battle. Unlike long-form YouTube content, where ads can be inserted throughout, short clips offer limited space for advertisers. Creators, too, are feeling the squeeze.

“It’s never been easier to go viral,” said Enberg. “But it’s never been harder to turn that virality into a sustainable business.”

Last year, TikTok generated an estimated $23.6 billion in ad revenues, according to Oberlo, but even with this growth, many creators still make just a few dollars per million views. YouTube Shorts pays roughly four cents per 1,000 views, which is less than its long-form counterpart. Meanwhile, Instagram has leaned into brand partnerships and emerging tools like “Trial Reels,” which allow creators to experiment with content by initially sharing videos only with non-followers, giving them a low-risk way to test new formats or ideas before deciding whether to share with their full audience. But Meta told CNBC that monetizing Reels remains a work in progress.

While lawmakers scrutinize TikTok’s Chinese ownership and explore potential bans, competitors see a window of opportunity. Meta and YouTube are poised to capture up to 50% of reallocated ad dollars if TikTok faces restrictions in the U.S., according to eMarketer.

Watch the video to understand how TikTok’s rise sparked a short form video race.

Continue Reading

Technology

Elon Musk’s xAI Holdings in talks to raise $20 billion, Bloomberg News reports

Published

on

By

Elon Musk's xAI Holdings in talks to raise  billion, Bloomberg News reports

The X logo appears on a phone, and the xAI logo is displayed on a laptop in Krakow, Poland, on April 1, 2025. (Photo by Klaudia Radecka/NurPhoto via Getty Images)

Nurphoto | Nurphoto | Getty Images

Elon Musk‘s xAI Holdings is in discussions with investors to raise about $20 billion, Bloomberg News reported Friday, citing people familiar with the matter.

The funding would value the company at over $120 billion, according to the report.

Musk was looking to assign “proper value” to xAI, sources told CNBC’s David Faber earlier this month. The remarks were made during a call with xAI investors, sources familiar with the matter told Faber. The Tesla CEO at that time didn’t explicitly mention any upcoming funding round, but the sources suggested xAI was preparing for a substantial capital raise in the near future.

The funding amount could be more than $20 billion as the exact figure had not been decided, the Bloomberg report added.

Artificial intelligence startup xAI didn’t immediately respond to a CNBC request for comment outside of U.S. business hours.

Faber Report: Elon Musk held call with current xAI investors, sources say

The AI firm last month acquired X in an all-stock deal that valued xAI at $80 billion and the social media platform at $33 billion.

“xAI and X’s futures are intertwined. Today, we officially take the step to combine the data, models, compute, distribution and talent,” Musk said on X, announcing the deal. “This combination will unlock immense potential by blending xAI’s advanced AI capability and expertise with X’s massive reach.”

Read the full Bloomberg story here.

— CNBC’s Samantha Subin contributed to this report.

Continue Reading

Technology

Alphabet jumps 3% as search, advertising units show resilient growth

Published

on

By

Alphabet jumps 3% as search, advertising units show resilient growth

Alphabet CEO Sundar Pichai during the Google I/O developers conference in Mountain View, California, on May 10, 2023.

David Paul Morris | Bloomberg | Getty Images

Alphabet‘s stock gained 3% Friday after signaling strong growth in its search and advertising businesses amid a competitive artificial intelligence environment and uncertain macro backdrop.

GOOGL‘s pace of GenAI product roll-out is accelerating with multiple encouraging signals,” wrote Morgan Stanley‘s Brian Nowak. “Macro uncertainty still exists but we remain [overweight] given GOOGL’s still strong relative position and improving pace of GenAI enabled product roll-out.”

The search giant posted earnings of $2.81 per share on $90.23 billion in revenues. That topped the $89.12 billion in sales and $2.01 in EPS expected by LSEG analysts. Revenues grew 12% year-over-year and ahead of the 10% anticipated by Wall Street.

Net income rose 46% to $34.54 billion, or $2.81 per share. That’s up from $23.66 billion, or $1.89 per share, in the year-ago period. Alphabet said the figure included $8 billion in unrealized gains on its nonmarketable equity securities connected to its investment in a private company.

Adjusted earnings, excluding that gain, were $2.27 per share, according to LSEG, and topped analyst expectations.

Read more CNBC tech news

Alphabet shares have pulled back about 16% this year as it battles volatility spurred by mounting trade war fears and worries that President Donald Trump‘s tariffs could crush the global economy. That would make it more difficult for Alphabet to potentially acquire infrastructure for data centers powering AI models as it faces off against competitors such as OpenAI and Anthropic to develop largely language models.

During Thursday’s call with investors, Alphabet suggested that it’s too soon to tally the total impact of tariffs. However, Google’s business chief Philipp Schindler said that ending the de minimis trade exemption in May, which created a loophole benefitting many Chinese e-commerce retailers, could create a “slight headwind” for the company’s ads business, specifically in the Asia-Pacific region. The loophole allows shipments under $800 to come into the U.S. duty-free.

Despite this backdrop, Alphabet showed steady growth in its advertising and search business, reporting $66.89 billion in revenues for its advertising unit. That reflected 8.5% growth from the year-ago period. The company reported $8.93 billion in advertising revenue for its YouTube business, shy of an $8.97 billion estimate from StreetAccount.

Alphabet’s “Search and other” unit rose 9.8% to $50.7 billion, up from $46.16 billion last year. The company said that its AI Overviews tool used in its Google search results page has accumulated 1.5 billion monthly users from a billion in October.

Bank of America analyst Justin Post said that Wall Street is underestimating the upside potential and “monetization ramp” from this tool and cloud demand fueled by AI.

“The strong 1Q search performance, along with constructive comments on Gemini [large language model] performance and [AI Overviews] adoption could help alleviate some investor concerns on AI competition,” Post wrote in a note.

WATCH: Gemini delivering well for Google, says Check Capital’s Chris Ballard

Gemini delivering well for Google, says Check Capital's Chris Ballard

CNBC’s Jennifer Elias contributed to this report.

Continue Reading

Trending