Learning from the Military: Valuable Ransomware Insights by Security Think Tank

As someone with a military intelligence background focused on disrupting terrorist financing, I witnessed the significant impact that financial actions can have on bad actors. Simply taking away a dollar from their pocket, or redirecting it elsewhere, often had a greater effect than physical force. If we can influence the battlefield by cutting off their financial flows, we can reduce the need for kinetic actions and better protect our troops.

When I first applied my military training to the cyber domain a decade ago, I adopted this mindset. Therefore, I find it hard not to agree with leading voices like Ciaran Martin, who suggest banning ransom payments to cyber threat actors. While there will always be debates about this approach, it’s clear that our current strategies are ineffective. Efforts to prevent public sector entities from paying ransoms or stop payments to designated terrorist or sanctioned groups have resulted in reduced targeting of these regions, sectors, or entities.

Moreover, the payments made to these groups often fund further illicit activities and bolster the economies that support them. They also enrich corrupt officials in states that seek to undermine our way of life. Recently, the NCA and their international counterparts achieved a major success by targeting the LockBit ransomware group using their own tactics against them. Combining effective law enforcement actions with the reduction of financial incentives for bad actors can have a tangible impact.

In my military experience, removing money from the pockets of certain terrorists directly led to a decrease in their activities. Desperation or discontent often caused them to make mistakes or expose themselves, making it easier for us to apprehend them. This principle applies in the cyber domain as well. By preventing crypto exchanges from facilitating ransom payments and placing additional pressure on threat actors, we can disrupt their operations.

However, banning ransom payments does raise legitimate concerns. It might divert threat actors’ attention towards fraud-based activities targeting individuals instead of corporate entities. This would burden those who are less financially capable. To address this issue, governments, telecommunications providers, infrastructure providers, service providers, domain and email providers must all take proactive measures to limit the capabilities of threat actors.

A ban on ransom payments is a positive step forward, but it must be accompanied by increased resources for law enforcement and intelligence agencies. Additionally, we need to impose stricter requirements on the providers of systems and infrastructures used by these actors. In the UK, our national cyber security strategy lacks the necessary coordination to effectively tackle this threat. Establishing a ransomware task force with the authority to drive change across multiple government departments, agencies, arm’s length bodies, and law enforcement is crucial to making the ban effective and minimizing unintended consequences.
