By Zachary Goldman and Damon McCoy | The Hill
Individuals and institutions affected by the WannaCry ransomware attack face a Hobson’s choice — the malicious software (malware) encrypts a user’s documents while the decryption keys remain in the hands of the cybercriminals. Victims of the attack can either pay the hackers for the release of their files, feeding the profit motive that generates attacks like this in the first instance, or refuse to do so and permanently say goodbye to their computers.
In this instance, the WannaCry attackers generally have not decrypted files after victims sent payment, making it an easy choice not to pay. But as a public policy matter, the WannaCry ransomware attack raises an equally thorny set of challenges, implicating technical questions surrounding the best ways to curtail the spread of this kind of malware, national security and intelligence policy, and corporate incentives to implement software updates. All of these challenges are taking place in a global context. In many ways, the WannaCry ransomware attack embodies the challenges and paradoxes of cybersecurity policy today and illustrates why sustainable solutions are difficult to achieve.
“Although the intelligence community, governments, and businesses have made efforts to implement policies to promote cybersecurity within their own networks, such efforts have been insufficient to stop serious breaches. These efforts must be coordinated, not just on a national scale, but on a global one.”