White House official says insurance companies must stop funding ransomware payments

Insurance companies must stop issuing policies that incentivize making extortion payments in ransomware attacks, a senior White House official said on Friday.

The call for the practice to end, which was made without any indication the White House was formally proposing to ban the practice, follows the fourth annual International Counter Ransomware Initiative (CRI) summit in the United States this week, where the 68 members of the CRI discussed tackling the problem.

Writing an opinion piece in the Financial Times newspaper, Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, warned that ransomware was “wreaking havoc around the world.”

She wrote: “Some insurance company policies — for example covering reimbursement of ransomware payments — incentivise payment of ransoms that fuel cyber crime ecosystems. This is a troubling practice that must end.” 

Attempts to engage with the insurance industry on this front have not yet delivered any promises, let alone formal agreements, although Neuberger said it could play a “constructive role” by “requiring and verifying implementation of effective cyber security measures as a condition of underwriting its policies, akin to the way fire alarm systems are required for home insurance.”

Earlier this year, after a long period of engagement with the British insurance industry, the United Kingdom’s National Cyber Security Centre (NCSC) announced that it had agreed only on guidance expressing a joint view of how businesses should handle ransomware attacks, including reviewing the decision to not make an extortion payment.

In a further development on this guidance, during the CRI summit this week, some members of the CRI (just 39), alongside 8 insurance industry bodies from around the world, endorsed almost identical guidance encouraging “organisations to carefully consider their options instead of rushing to make payments.”

The guidance falls very short of stopping the practice of insurance companies funding ransomware payments, as Neuberger called for.

Despite the availability of other guidance on best practice in ransomware responses, attacks targeting victims in the United Kingdom have roughly doubled over the past two years.

The figures are mirrored by what has happened in the United States, according to Laura Galante, the director of the cyberthreat intelligence integration center at the Office of the Director of National Intelligence, who told journalists on Sunday that the U.S. intelligence community has seen ransomware attacks nearly double in this period.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
