Should Paying Ransoms to Attackers Be Banned?

Healthcare Info Security

Doug Olenick

Insurance company CNA's apparent decision to pay attackers a $40 million ransom and Colonial Pipeline Co.'s payment of a $4.4 million ransom are stirring debate over whether such payments should be banned under federal law.

Bloomberg News reported Thursday that Chicago-based CNA had paid the hefty ransom (see: Insurer CNA Disconnects Systems After 'Cybersecurity Attack'). Meanwhile, Colonial Pipeline CEO Joseph Blount confirmed Wednesday that the company had paid a ransom on May 7 after discovering an attack using DarkSide ransomware that led the company to temporarily shut down its fuel pipeline serving the East Coast.

CNA reported being victimized by a "cybersecurity attack" on March 23 that caused a network disruption and affected certain systems, including corporate email. The attack led the company to disconnect its systems, including taking down its website. CNA later confirmed it had been victimized by ransomware.

But CNA has...
