Anne Neuberger, deputy national security advisor for cyber and emerging technologies, speaks during a news conference in the James S. Brady Press Briefing Room at the White House in Washington, D.C., U.S., on Monday, May 10, 2021 amid the Colonial fuel pipeline ransomware attack.


With ransomware attacks surging and 2024 on track to be one of the worst years on record, U.S. officials are seeking ways to counter the threat, in some cases, urging a new approach to ransom payments.

Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, wrote in a recent Financial Times opinion piece that insurance policies — especially those covering ransomware payment reimbursements — are fueling the very same criminal ecosystems they seek to mitigate. “This is a troubling practice that must end,” she wrote, advocating for stricter cybersecurity requirements as a condition for coverage to discourage ransom payments.

Zeroing in on cyber insurance as a key area for reform comes as the U.S. government scrambles to find ways to disrupt ransomware networks. According to the latest report by the Office of the Director of National Intelligence, by mid-2024 more than 2,300 incidents already had been recorded — nearly half targeting U.S. organizations — suggesting that 2024 could exceed the 4,506 attacks recorded globally in 2023.

Yet even as policymakers scrutinize insurance practices and explore broader measures to disrupt ransomware operations, businesses are still left to grapple with the immediate question when they are under attack: Pay the ransom and potentially incentivize future attacks or refuse and risk further damage.

For many organizations, deciding whether to pay a ransom is a difficult and urgent decision. “In 2024, I attended a briefing by the FBI where they continued to advise against paying a ransom,” said Paul Underwood, vice president of security at IT services company Neovera. “However, after making that statement, they said that they understand that it’s a business decision and that when companies make that decision, it is taking into account many more factors than just ethics and good business practices. Even the FBI understood that businesses need to do whatever it takes to get back to operations,” Underwood said.

The FBI declined to comment.

“There’s no black or white here,” said cybersecurity expert Bryan Hornung, CEO of Xact IT Solutions. “There’s so many things that go into play when it comes to making the decision on whether you’re even going to entertain paying the ransom,” he said.

The urgency to restore operations can push businesses into making decisions they may not be prepared for, as does the fear of increasing damage. “The longer something goes on, the bigger the blast radius,” Hornung said. “I’ve been in rooms with CEOs who swore they’d never pay, only to reverse course when faced with prolonged downtime.”  

In addition to operational downtime, the potential exposure of sensitive data — especially if it involves customers, employees, or partners — creates heightened fear and urgency. Organizations not only face the possibility of immediate reputational damage but also class-action lawsuits from affected individuals, with the cost of litigation and settlements in some cases far outweighing the ransom demand, and driving companies to pay just to contain the fallout.

“There are lawyers out there who know how to put together class-action lawsuits based on what’s on the dark web,” Hornung said. “They have teams that find information that’s been leaked — driver’s licenses, Social Security numbers, health information — and they contact these people and tell them it’s out there. Next thing you know, you’re defending a multimillion-dollar class-action lawsuit.”  

Ransom demands, data leaks, and legal settlements

A notable example is Lehigh Valley Health Network. In 2023, the Pennsylvania-based hospital refused to pay the $5 million ransom to the ALPHV/BlackCat gang, leading to a data leak affecting 134,000 patients on the dark web, including nude photos of about 600 breast cancer patients. The fallout was severe, resulting in a class-action lawsuit, which claimed that “while LVHN is publicly patting itself on the back for standing up to these hackers and refusing to meet their ransom demands, they are consciously and intentionally ignoring the real victims.”

LVHN agreed to settle the case for $65 million.

Similarly, background-check giant National Public Data is facing multiple class-action lawsuits, along with more than 20 states alleging civil rights violations and possible fines from the Federal Trade Commission, after a hacker posted NPD’s database of 2.7 billion records on the dark web in April. The data included 272 million Social Security numbers, as well as full names, addresses, phone numbers and other personal data of both living and deceased individuals. The hacker group allegedly demanded a ransom to return the stolen data, though it remains unclear whether NPD paid it.

What is clear, though, is that the NPD did not immediately report the incident. Consequently, its slow and incomplete response — especially its failure to provide identity theft protection to victims — resulted in a number of legal issues, leading its parent company, Jerico Pictures, to file for Chapter 11 on Oct. 2.

NPD did not respond to requests for comment.

Darren Williams, founder of BlackFog, a cybersecurity firm that specializes in ransomware prevention and cyber warfare, is firmly against paying ransoms. In his view, paying encourages more attacks, and once sensitive data has been exfiltrated, “it is gone forever,” he said.

Even when companies choose to pay, there’s no certainty the data will remain secure. UnitedHealth Group experienced this firsthand after its subsidiary, Change Healthcare, was hit by the ALPHV/BlackCat ransomware group in April 2023. Despite paying the $22 million ransom to prevent a data leak and quickly restore operations, a second hacker group, RansomHub, angry that ALPHV/BlackCat failed to distribute the ransom to its affiliates, accessed the stolen data and demanded an additional ransom payment from Change Healthcare. While Change Healthcare hasn’t reported whether it paid, the fact that the stolen data was eventually leaked on the dark web indicates the demands most likely were not met.

The fear that a ransom payment may fund hostile organizations or even violate sanctions, given the links between many cybercriminals and geopolitical enemies of the U.S., makes the decision even more precarious. For example, according to a Comparitech Ransomware Roundup, when LoanDepot was attacked by the ALPHV/BlackCat group in January, the company refused to pay the $6 million ransom demand, opting instead to pay the projected $12 million to $17 million in recovery costs. The choice was primarily motivated by concerns about funding criminal groups with potential geopolitical ties. The attack affected around 17 million customers, leaving them unable to access their accounts or make payments, and in the end, customers still filed class-action lawsuits against LoanDepot, alleging negligence and breach of contract.


Regulatory scrutiny adds another layer of complexity to the decision-making process, according to Richard Caralli, a cybersecurity expert at Axio.

On the one hand, recently implemented SEC reporting requirements, which mandate disclosures about cyber incidents of material importance, as well as ransom payments and recovery efforts, may make companies less likely to pay because they fear legal action, reputational damage, or shareholder backlash. On the other hand, some companies may still opt to pay to prioritize a quick recovery, even if it means facing those consequences later.

“The SEC reporting requirements have certainly had an effect on the way in which organizations address ransomware,” Caralli said. “Being subjected to the consequences of ransomware alone is tricky to navigate with customers, business partners, and other stakeholders, as organizations must expose their weaknesses and lack of preparedness.” 

With the passage of the Cyber Incident Reporting for Critical Infrastructure Act, set to go into effect around October 2025, many non-SEC regulated organizations will soon face similar pressures. Under this ruling, companies in critical infrastructure sectors — which are often small and mid-sized entities — will be obligated to disclose any ransomware payments, further intensifying the challenges of handling these attacks.

Cybercriminals are changing the nature of data attacks

As fast as cyber defenses improve, cybercriminals are even quicker to adapt.

“Training, awareness, defensive techniques, and not paying all contribute to the reduction of attacks. However, it is very likely that more sophisticated hackers will find other ways to disrupt businesses,” Underwood said.

A recent report from cyber extortion specialist Coveware highlights a significant shift in ransomware patterns.

While not an entirely new tactic, hackers are increasingly relying on data exfiltration-only attacks. That means sensitive information is stolen but not encrypted, meaning victims can still access their systems. It’s a response to the fact that companies have improved their backup capabilities and become better prepared to recover from encryption-based ransomware. The ransom is demanded not for recovering encrypted files but to prevent the stolen data from being released publicly or sold on the dark web.

New attacks by lone wolf actors and nascent criminal groups have emerged following the collapse of ALPHV/BlackCat and LockBit, according to Coveware. These two ransomware gangs were among the most prolific, with LockBit believed to have been responsible for nearly 2,300 attacks and ALPHV/BlackCat over 1,000, 75% of which were in the U.S.

BlackCat executed a planned exit after pilfering the ransom owed to its affiliates in the Change Healthcare attack. LockBit was taken down after an international law-enforcement operation seized its platforms, hacking tools, cryptocurrency accounts, and source code. However, even though these operations have been disrupted, ransomware infrastructure is quickly rebuilt and rebranded under new names.

“Ransomware has one of the lowest barriers to entry for any type of crime,” said BlackFog’s Williams. “Other forms of crime carry significant risks, such as jail time and death. Now, with the ability to shop on the dark web and leverage the tools of some of the most successful gangs for a small fee, the risk-to-reward ratio is quite high.”

Making ransom a last resort

One point on which cybersecurity experts universally agree is that prevention is the ultimate solution.

As a benchmark, Hornung recommends businesses allocate between one percent and three percent of their top-line revenue toward cybersecurity, with sectors like health care and financial services, which handle highly sensitive data, at the higher end of this range. “If not, you’re going to be in trouble,” he said. “Until we can get businesses to do the right things to protect, detect, and respond to these events, companies are going to get hacked and we’re going to have to deal with this challenge.”

Additionally, proactive measures can minimize damage when an attack occurs, Underwood said. These include endpoint detection and response — a type of “security guard” on your computer that constantly looks for signs of unusual or suspicious activity and alerts you — and ransomware rollback, a backup feature that kicks in to undo damage and get your files back if a hacker locks you out of your system.

A well-developed plan can help ensure that paying the ransom is a last resort, not the first option.

“Organizations tend to panic and have knee-jerk reactions to ransomware intrusions,” Caralli said. To avoid this, he stresses the importance of developing an incident response plan that outlines specific actions to take during a ransomware attack, including countermeasures such as reliable data backups and regular drills to ensure that recovery processes work in real-world scenarios.

Hornung says ransomware attacks — and the pressure to pay — will remain high. “Prevention is always cheaper than the cure,” he said, “but businesses are asleep at the wheel.”

The risk is not limited to large enterprises. “We work with a lot of small- and medium-sized businesses, and I say to them, ‘You’re not too small to be hacked. You’re just too small to be in the news.’”

If no organization paid the ransom, the financial benefit of ransomware attacks would be diminished, Underwood said. But he added that it wouldn’t stop hackers.

“It is probably safe to say that more organizations that do not pay would also cause attackers to stop trying or perhaps try other methods, such as stealing the data, searching for valuable assets, and selling it to interested parties,” he said. “A frustrated hacker may give up, or they will try alternative methods. They are, for the most part, on the offensive.”

Cybersecurity firm Netskope files to go public on the Nasdaq

Published

on

By

Cybersecurity firm Netskope files to go public on the Nasdaq

Sanjay Beri, chief executive officer and founder of Netskope Inc., listens during a Bloomberg West television interview in San Francisco, California.


Cloud security platform Netskope will go public on the Nasdaq under the ticker symbol “NTSK,” the company said in an initial public offering filing Friday.

The Santa Clara, California-based company said annual recurring revenue grew 33% to $707 million, while revenues jumped 31% to about $328 million in the first half of the year.

But Netskope isn’t profitable yet. The company recorded a $170 million net loss during the first half of the year. That narrowed from a $207 million loss a year ago.

Netskope joins an increasing number of technology companies adding momentum to the surge in IPO activity after high inflation and interest rates effectively killed the market.

So far this year, design software firm Figma more than tripled in its New York Stock Exchange debut, while crypto firm Circle soared 168% in its first trading day. CoreWeave has also popped since its IPO, while trading app eToro surged 29% in its May debut.


Netskope’s offering also coincides with a busy period for cybersecurity deals.

The year’s two biggest technology deals include Alphabet’s $32 billion acquisition of Wiz and Palo Alto Networks’ ambitious plan to buy Israeli identity security company CyberArk for $25 billion.

Founded in 2012, Netskope made a name for itself in its early years in the cloud access security broker space. The company lists Palo Alto Networks, Cisco, Zscaler, Broadcom and Fortinet as its major competitors.

Netskope’s biggest backers include Accel, Lightspeed Ventures and Iconiq, which recently benefited from Figma’s stellar debut.

Morgan Stanley and JPMorgan are leading the offering. Netskope listed 13 other Wall Street banks as underwriters.

Meta set to unveil first consumer-ready smart glasses with a display, wristband next month

Published

on

By

Meta set to unveil first consumer-ready smart glasses with a display, wristband next month

Meta CEO Mark Zuckerberg makes a keynote speech at the Meta Connect annual event at the company’s headquarters in Menlo Park, Calif., on Sept. 25, 2024.


Meta is planning to use its annual Connect conference next month to announce a deeper push into smart glasses, including the launch of the company’s first consumer-ready glasses with a display, CNBC has learned.

That’s one of the two new devices Meta is planning to unveil at the event, according to people familiar with the matter. The company will also launch its first wristband that will allow users to control the glasses with hand gestures, the people said.

Connect is a two-day conference for developers focused on virtual reality, AR and the metaverse. It was originally called Oculus Connect and obtained its current moniker after Facebook changed its parent company name to Meta in 2021.

The glasses are internally codenamed Hypernova and will include a small digital display in the right lens of the device, said the people, who asked not to be named because the details are confidential.

The device is expected to cost about $800 and will be sold in partnership with EssilorLuxottica, the people said. CNBC reported in October that Meta was working with Luxottica on consumer glasses with a display.

Meta declined to comment. Luxottica, which is based in France and Italy, didn’t respond to a request for comment.

Meta began selling smart glasses with Luxottica in 2021 when the two companies released the first-generation Ray-Ban Stories, which allowed users to take photos or videos using simple voice commands. The partnership has since expanded, and last year included the addition of advanced AI features that made the second generation of the product an unexpected hit with early adopters. 

Luxottica owns a number of glasses brands, including Ray-Ban, and licenses many others like Prada. It’s unclear what brand Luxottica will use for the glasses with AR, but a Meta job listing posted this week said the company is looking for a technical program manager for its “Wearables organization,” which “is responsible for the Ray-Ban AR glasses and other wearable hardware.”

In June, CNBC reported that Meta and Luxottica plan to release Prada-branded smart glasses. Prada glasses are known for having thick frames and arms, which could make them a suitable option for the Hypernova device, one of the people said. 


Last year, Meta CEO Mark Zuckerberg used Connect to showcase the company’s experimental Orion AR glasses.

The Orion features AR capabilities on both lenses, capable of blending 3D digital visuals into the physical world, but the device served only as a prototype to show the public what could be possible with AR glasses. Still, Orion built some positive momentum for Meta, which since late 2020 has endured nearly $70 billion in losses from its Reality Labs unit that’s in charge of building hardware devices.

With Hypernova, Meta will finally be offering glasses with a display to consumers, but the company is setting low expectations for sales, some of the sources said. That’s because the device requires more components than its voice-only predecessors, and will be slightly heavier and thicker, the people said.

Meta and Ray-Ban have sold 2 million pairs of their second-generation glasses since 2023, Luxottica CEO Francesco Milleri said in February. In July, Luxottica said that revenue from sales of the smart glasses had more than tripled year over year.

As part of an extension agreement between Meta and Luxottica announced in September, Meta obtained a stake of about 3% in the glasses company according to Bloomberg. Meta also gets exclusive rights to Luxottica’s brands for its smart glasses technology for a number of years, a person familiar with the matter told CNBC in June.

Although Hypernova will feature a display, those visual features are expected to be limited, people familiar with the matter said. They said the color display will offer about a 20 degree field of view — meaning it will appear in a small window in a fixed position — and will be used primarily to relay simple bits of information, such as incoming text messages. 

Andrew Bosworth, Meta’s technology chief, said earlier this month that there are advantages to having just one display rather than two, including a lower price.

“Monocular displays have a lot going for them,” Bosworth said in an Instagram video. “They’re affordable, they’re lighter, and you don’t have disparity correction, so they’re structurally quite a bit easier.”

‘Interact with an AI assistant’

Other details of Meta’s forthcoming glasses were disclosed in a July letter from the U.S. Customs and Border Patrol to a lawyer representing Meta. While the letter redacted the name of the company and the product, a person with knowledge of the matter confirmed that it was in reference to Meta’s Hypernova glasses.

“This model will enable the user to take and share photos and videos, make phone calls and video calls, send and receive messages, listen to audio playback and interact with an AI assistant in different forms and methods, including voice, display, and manual interactions,” according to the letter, dated July 23.

The letter from CBP was part of routine communication between companies and the U.S. government when determining the country of origin for a consumer product. It refers to the product as “New Smart Glasses,” and says the device will feature “a lens display function that allows the user to interface with visual content arising from the Smart Features, and components providing image data retrieval, processing, and rendering capabilities.”

CBP didn’t provide a comment for this story.

The Hypernova glasses will also come paired with a wristband that will use technology built by Meta’s CTRL Labs, said people familiar with the matter. CTRL Labs, which Meta acquired in 2019, specializes in building neural technology that could allow users to control computing devices using gestures in their arms. 

The wristband is expected to be a key input component for the company’s future release of full AR glasses, so getting data now with Hypernova could improve future versions of the wristband, the people said. Instead of using camera sensors to track body movements, as with Apple’s Vision Pro headset, Meta’s wristband uses so-called sEMG sensor technology, which reads and interprets the electrical signals from hand movements.

One of the challenges Meta has faced with the wristband involves how people choose to wear it, a person familiar with the product’s development said. If the device is too loose, it won’t be able to read the user’s electrical signals as intended, which could impact its performance, the person said. Also, the wristband has run into issues in testing related to which arm it’s worn on, how it works on men versus women and how it functions on people who wear long sleeves.

The CTRL Labs team published a paper in Nature in July about its wristband, and Meta wrote about it in a blog post. In the paper, the Meta team detailed its use of machine learning technology to make the wristband work with as many people as possible. The additional data collected by the upcoming device should improve those capabilities for future Meta smart glasses.

“We successfully prototyped an sEMG wristband with Orion, our first pair of true augmented reality (AR) glasses, but that was just the beginning,” Meta wrote in the post. “Our teams have developed advanced machine learning models that are able to transform neural signals controlling muscles at the wrist into commands that drive people’s interactions with the glasses, eliminating the need for traditional—and more cumbersome—forms of input.”

Bloomberg reported the wristband component in January.

Meta has recently started reaching out to developers to begin testing both Hypernova and the accompanying wristband, people familiar with the matter said. The company wants to court third-party developers, particularly those who specialize in generative AI, to build experimental apps that Meta can showcase to drum up excitement for the smart glasses, the people said.

In addition to Hypernova and the wristband, Meta will also announce a third-generation of its voice-only smart glasses with Luxottica at Connect, one person said.

That device was also referenced by CBP in its July letter, referring to it as “The Next Generation Smart Glasses.” The glasses will include “components that provide capacitive touch functionality, allowing users to interact with the Smart Glasses through touch gestures,” the letter said.


Google shares rise on report of Apple using Gemini for Siri

Published

on

By

Google shares rise on report of Apple using Gemini for Siri

Google CEO Sundar Pichai gestures to the crowd during Google’s annual I/O developers conference in Mountain View, California on May 20, 2025.


Alphabet shares rose on a Friday report that Apple is in early discussions to use Google’s Gemini AI models for an updated version of the iPhone-maker’s Siri assistant.

The company’s shares rose more than 3% on the Bloomberg report, which said Apple recently inquired of Google about the potential for the search giant to build a custom AI model that would power a new Siri that could launch next year. Google’s flagship AI models Gemini have consistently been atop key benchmarks for artificial intelligence advancements while Apple has struggled to define its own AI strategy.

The reported talks come as Google faces potential risk to its lucrative search deals with Apple. This month, a U.S. judge is expected to rule on the penalties for Google’s alleged search monopoly, in which the Department of Justice recommended eliminating exclusionary agreements with third parties. For Google, that refers to its search position on Apple’s iPhone and Samsung devices — deals that cost the company billions of dollars a year in payouts.

The Android maker has said its Gemini models will become the default assistant on Android phones. Google this year has shown Gemini performing tasks that go beyond Siri’s capabilities, such as summarizing videos.

Craig Federighi, who oversees Apple’s operating systems, said at last year’s developer conference that the iPhone maker would like to add other AI models for specific purposes into its Apple Intelligence framework. Federighi specifically mentioned Google, whose Gemini can now hold conversations with users and handle input that comes from photos, videos, voice or text. Apple is also exploring partnerships with Anthropic and OpenAI as it tries to renew its AI roadmap, according to a June Bloomberg report.

Documents revealed during Google’s remedy trial showed executives from Apple were involved in the negotiations over using Google’s Gemini for a potential search option.

Google declined to comment. 
