Breaking the Ransomware Cycle: U.S. National Policy Options

July 2021
Topics: Policy, Critical Infrastructure Protection, Cybersecurity, Risk Management
Christopher Ford Ph.D., The MITRE Corporation
Charles Clancy Ph.D., The MITRE Corporation
Download PDF (852.25 KB)

The explosive growth and popularity of ransomware attacks in recent years is the result of dynamics in which costs and risks to attackers have all but disappeared and victims’ incentives to pay promptly have increased. 

It’s no surprise that this has attracted more predators to the “game” of digital ransom and has produced a feeding frenzy of ransomware attacks, including on critical infrastructure. U.S. officials have labeled ransomware a national crisis. 

To rein in the effectiveness of ransomware attacks we must directly address the incentive structures that have produced this crisis, argue Dr. Christopher Ford, former U.S. assistant secretary of state for international security and nonproliferation and senior advisor for geopolitical policy and strategy at MITRE Labs and Dr. Charles Clancy, MITRE’s chief futurist. 

In this policy paper, Ford and Clancy propose the following strategies for breaking the ransomware cycle:

  • Reduce victims’ incentives for paying ransom, including ending their ability to pass cyber ransom costs to insurance providers.
  • Increase criminal transaction costs by imposing traditional banking regulatory practices on cryptocurrency transactions.
  • Deny or deter safe havens for cyber criminals. 

Publications

Publication Search