In 2021, North Carolina became the first state to prohibit public ransomware payments, even going so far as to ban negotiations with cyber criminals. It was a groundbreaking move. Florida followed suit in 2022, but its legislation took a less stringent approach, covering a narrower range of entities and omitting some of the stricter provisions found in North Carolina’s law.
North Carolina and Florida’s bans are the only ones that exist at the state level, but they have ignited a nationwide conversation about the best way to combat this pervasive cyber threat. Years later, experts still haven’t come to a unified conclusion about whether it’s the right approach. The heart of the matter lies in a moral and fiscal dilemma: Should governments refuse to fund criminal enterprises, even when the alternative could mean crippling disruptions to essential services like hospitals, schools and public safety?
Read more…
Source: Government Technology
Related:
- After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
May 3, 2017
Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. These shortcomings can be potentially abused to, for example, redirect people’s calls and text messages to miscreants’ devices. Now we’ve seen the first case of crooks exploiting the ...
- Don’t click that Google Docs link! Gmail hijack mail spreads like wildfire
May 3, 2017
If you get an email today sharing a Google Docs file with you, don’t click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker. The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to ...
- Hundreds of Fake UK Bank Sites Exposed, Pose High Risk for Customers
May 3, 2017
Hackers have registered over 300 domains with names similar to those of several popular British banks, which they use to trick customers into handing over personal details or login data. According to DomainTools, a company handling domain names and DNS-based cyber threats, 324 such domains were discovered only in relation to banks in the United Kingdom, ...
- DDoS Attacks Can Cost Businesses Up to $2.5M Per Attack, Report Says
May 2, 2017
The time to respond and mitigate DDoS attacks can be costly for companies, and some businesses can lose roughly $2.5 million on average per attack, a research report released today said. Neustar, an analytics firm that sees swathes of DDoS attack telemetry daily, boiled down some of the figures in a dispatch, its annual Worldwide DDoS Attacks and Cyber Insights ...
- PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely
May 1, 2017
Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated ...
- TalkTalk hack attack: Two men plead guilty to customer data theft
April 27, 2017
Two men have pleaded guilty to hacking into TalkTalk’s website in October 2015 and stealing thousands of customer records containing sensitive data. Matthew Hanley, 22, of Devonshire Drive, Tamworth admitted to three offences under the Computer Misuse Act. The Metropolitan Police said that he confessed to breaching TalkTalk’s site, had obtained files that would enable the ...