Learning from the Military: Valuable Ransomware Insights by Security Think Tank

As someone with a military intelligence background focused on disrupting terrorist financing, I witnessed the significant impact that financial actions can have on bad actors. Simply taking away a dollar from their pocket, or redirecting it elsewhere, often had a greater effect than physical force. If we can influence the battlefield by cutting off their financial flows, we can reduce the need for kinetic actions and better protect our troops.

When I first applied my military training to the cyber domain a decade ago, I adopted this mindset. Therefore, I find it hard not to agree with leading voices like Ciaran Martin, who suggest banning ransom payments to cyber threat actors. While there will always be debates about this approach, it’s clear that our current strategies are ineffective. Efforts to prevent public sector entities from paying ransoms or stop payments to designated terrorist or sanctioned groups have resulted in reduced targeting of these regions, sectors, or entities.

Moreover, the payments made to these groups often fund further illicit activities and bolster the economies that support them. They also enrich corrupt officials in states that seek to undermine our way of life. Recently, the NCA and their international counterparts achieved a major success by targeting the LockBit ransomware group using their own tactics against them. Combining effective law enforcement actions with the reduction of financial incentives for bad actors can have a tangible impact.

In my military experience, removing money from the pockets of certain terrorists directly led to a decrease in their activities. Desperation or discontent often caused them to make mistakes or expose themselves, making it easier for us to apprehend them. This principle applies in the cyber domain as well. By preventing crypto exchanges from facilitating ransom payments and placing additional pressure on threat actors, we can disrupt their operations.

However, banning ransom payments does raise legitimate concerns. It might divert threat actors’ attention towards fraud-based activities targeting individuals instead of corporate entities. This would burden those who are less financially capable. To address this issue, governments, telecommunications providers, infrastructure providers, service providers, and domain and email providers must all take proactive measures to limit the capabilities of threat actors.

A ban on ransom payments is a positive step forward, but it must be accompanied by increased resources for law enforcement and intelligence agencies. Additionally, we need to impose stricter requirements on the providers of systems and infrastructures used by these actors. In the UK, our national cyber security strategy lacks the necessary coordination to effectively tackle this threat. Establishing a ransomware task force with the authority to drive change across multiple government departments, agencies, arm’s length bodies, and law enforcement is crucial to making the ban effective and minimizing unintended consequences.
