National Security Agency warns against paying ransoms

SAN FRANCISCO -- The recent ransomware attack against Change Healthcare underscored how ineffective paying a ransom can be for victim organizations, according to National Security Agency representatives.

Rob Joyce, former director of cybersecurity for the National Security Agency (NSA), and David Luber, NSA's current director of cybersecurity, led an RSA Conference 2024 session on Wednesday titled, "State of the Hack 2024: NSA's Perspectives." Joyce and Luber covered a range of topics including edge device security, ransomware, increasing threats to critical infrastructure, and cloud security risks.

Joyce and Luber addressed one way to quell the significant ransomware threat -- by implementing a ransom payment ban which would make it illegal for victim organizations to give into demands. Several cybersecurity vendors observed record numbers of ransomware attacks in 2023, which reignited the payment ban discussion across the industry.

Joyce and Luber stressed that whether to implement a ban is an area of ...