Former UK Cybersecurity Chief Says Laws Are Needed to Stop Ransomware Payouts

“People are paying bitcoin to criminals and claiming back cash” via insurance claims, Ciaran Martin said.

Jan 25, 2021 at 9:43 a.m. UTC
Updated Sep 14, 2021 at 11:00 a.m. UTC

The U.K.’s former cybersecurity chief said companies paying hackers to recover from ransomware attacks are funding organized crime, and new laws may be needed to stop the practice.

  • Ciaran Martin, who was the founding chief executive of the National Cyber Security Centre (NCSC), told The Guardian that insurance firms sending funds on behalf of affected companies have made it “OK to pay out to criminals.”
  • “People are paying bitcoin to criminals and claiming back cash” via insurance claims, Martin said.
  • Criminal gangs often from Russia or other former Soviet states are fueling the ransomware problem, according to the report.
  • The U.K.’s extortion laws were formed mainly in response to the threat of kidnapping and forbid the payment of ransoms to terrorists, but don't apply to ransomware demands.
  • “In the last year, experts are saying this is close to getting out of control,” said Martin. “You have to look seriously about changing the law on insurance and banning these payments, or at the very least having a major consultation with the industry”.
  • Chainalysis recently reported ransomware attacks were up 311% in 2020 when compared to the year before.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.