Ciaran Martin warned that the spate of ransomware attacks is “close to getting out of control” in the U.K.
Insurance companies should be legally prohibited from reimbursing companies for ransomware demands, according to one of Britain’s foremost cybersecurity experts.
Martin, who ran the National Cyber Security Center until August 2020, warned that insurers are inadvertently helping to finance organized crime by compensating companies that stump up ransoms in order to regain access to their files.
Under an unusual loophole in the U.K.’s extortion laws, ransoms cannot be paid to terrorists, but they can be paid in the event of a cyberattack.
In many cases, the hackers who orchestrate such attacks demand the ransom in cryptocurrencies such as Monero and Bitcoin to evade detection. High-profile brands that have fallen victim to these incidents include Garmin and Travelex.
Although the criminals behind these incidents often say that they wouldn’t deliberately aim to cripple a hospital’s infrastructure, IT systems aren’t always clearly marked as belonging to medical facilities, meaning that they are still susceptible to being targeted. Martin went on to tell the newspaper:
“You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major consultation with the industry … In the last year, experts are saying this is close to getting out of control. The law is nobody’s fault, it was written for another purpose, but it has become OK to pay out to criminals.”