During a ransomware hack, attackers infiltrate a target’s computer system and encrypt its data. They then demand a payment before they will release the decryption key to free the system. This type of extortion has existed for decades, but in the 2010s it exploded in popularity, with online gangs holding local governments, infrastructure and even hospitals hostage. Ransomware is a collective problem—and solving it will require collaborative action from companies, the government and international partners.

     As long as victims keep paying, hackers will keep profiting from this type of attack. But cybersecurity experts are divided on whether the government should prohibit the paying of ransoms. Such a ban would disincentivize hackers, but it would also place some organizations in a moral quandary. For, say, a hospital, unlocking the computer systems as quickly as possible could be a matter of life or death for patients, and the fastest option may be to pay up.

     Collective action can help. If all organizations that fall victim to ransomware report their attacks, they will contribute to a trove of valuable data, which can be used to strike back against attackers. For example, certain ransomware gangs may use the exact same type of encryption in all their attacks. “White hat” hackers can and do study these trends, which allows them to retrieve and publish the decryption keys for specific types of ransomware. Many companies, however, remain reluctant to admit they have experienced a breach, wishing to avoid potential bad press. Overcoming that reluctance may require legislation, such as a bill introduced in the Senate last year that would require companies to report having paid a ransom within 24 hours of the transaction.

Internet:<www.scientificamerican.com> (adapted). 

    During a ransomware hack, attackers infiltrate a target’s computer system and encrypt its data. They then demand a payment before they will release the decryption key to free the system. This type of extortion has existed for decades, but in the 2010s it exploded in popularity, with online gangs holding local governments, infrastructure and even hospitals hostage. Ransomware is a collective problem—and solving it will require collaborative action from companies, the government and international partners.

     As long as victims keep paying, hackers will keep profiting from this type of attack. But cybersecurity experts are divided on whether the government should prohibit the paying of ransoms. Such a ban would disincentivize hackers, but it would also place some organizations in a moral quandary. For, say, a hospital, unlocking the computer systems as quickly as possible could be a matter of life or death for patients, and the fastest option may be to pay up.

     Collective action can help. If all organizations that fall victim to ransomware report their attacks, they will contribute to a trove of valuable data, which can be used to strike back against attackers. For example, certain ransomware gangs may use the exact same type of encryption in all their attacks. “White hat” hackers can and do study these trends, which allows them to retrieve and publish the decryption keys for specific types of ransomware. Many companies, however, remain reluctant to admit they have experienced a breach, wishing to avoid potential bad press. Overcoming that reluctance may require legislation, such as a bill introduced in the Senate last year that would require companies to report having paid a ransom within 24 hours of the transaction.

Internet:<www.scientificamerican.com> (adapted). 

    During a ransomware hack, attackers infiltrate a target’s computer system and encrypt its data. They then demand a payment before they will release the decryption key to free the system. This type of extortion has existed for decades, but in the 2010s it exploded in popularity, with online gangs holding local governments, infrastructure and even hospitals hostage. Ransomware is a collective problem—and solving it will require collaborative action from companies, the government and international partners.

     As long as victims keep paying, hackers will keep profiting from this type of attack. But cybersecurity experts are divided on whether the government should prohibit the paying of ransoms. Such a ban would disincentivize hackers, but it would also place some organizations in a moral quandary. For, say, a hospital, unlocking the computer systems as quickly as possible could be a matter of life or death for patients, and the fastest option may be to pay up.

     Collective action can help. If all organizations that fall victim to ransomware report their attacks, they will contribute to a trove of valuable data, which can be used to strike back against attackers. For example, certain ransomware gangs may use the exact same type of encryption in all their attacks. “White hat” hackers can and do study these trends, which allows them to retrieve and publish the decryption keys for specific types of ransomware. Many companies, however, remain reluctant to admit they have experienced a breach, wishing to avoid potential bad press. Overcoming that reluctance may require legislation, such as a bill introduced in the Senate last year that would require companies to report having paid a ransom within 24 hours of the transaction.

Internet:<www.scientificamerican.com> (adapted). 

    During a ransomware hack, attackers infiltrate a target’s computer system and encrypt its data. They then demand a payment before they will release the decryption key to free the system. This type of extortion has existed for decades, but in the 2010s it exploded in popularity, with online gangs holding local governments, infrastructure and even hospitals hostage. Ransomware is a collective problem—and solving it will require collaborative action from companies, the government and international partners.

     As long as victims keep paying, hackers will keep profiting from this type of attack. But cybersecurity experts are divided on whether the government should prohibit the paying of ransoms. Such a ban would disincentivize hackers, but it would also place some organizations in a moral quandary. For, say, a hospital, unlocking the computer systems as quickly as possible could be a matter of life or death for patients, and the fastest option may be to pay up.

     Collective action can help. If all organizations that fall victim to ransomware report their attacks, they will contribute to a trove of valuable data, which can be used to strike back against attackers. For example, certain ransomware gangs may use the exact same type of encryption in all their attacks. “White hat” hackers can and do study these trends, which allows them to retrieve and publish the decryption keys for specific types of ransomware. Many companies, however, remain reluctant to admit they have experienced a breach, wishing to avoid potential bad press. Overcoming that reluctance may require legislation, such as a bill introduced in the Senate last year that would require companies to report having paid a ransom within 24 hours of the transaction.

Internet:<www.scientificamerican.com> (adapted).