There’s a Better Way to Stop Ransomware Attacks
Mr. Rosenzweig is a lawyer who writes and consults on issues of cybersecurity. He worked on cybersecurity policy at the Department of Homeland Security, where he was the deputy assistant secretary for policy from 2005 to 2009.
Ransomware attacks are plaguing the United States. With alarming regularity, cybercriminals disrupt computer systems controlling important pieces of infrastructure and refuse to restore access until they are paid — typically in Bitcoin or another decentralized, hard-to-trace cryptocurrency.
In May, cybercriminals disabled one of the largest gasoline pipelines in the United States. In June, cyberattacks caused the world’s largest meat-processing company to shut down nine beef plants. Attacks on smaller entities — the Steamship Authority of Massachusetts, Baltimore’s city government — attract less attention but speak to how common ransomware crime has become.
The Biden administration has taken some steps to address the problem. An executive order in May directed the federal government to enhance coordination on the issue. A national security memorandum in July outlined better security standards for America’s industrial control systems. And last week, at a meeting at the White House, President Biden asked the leaders of Apple, Google and other companies to do more to prevent cyberattacks.
But none of these efforts tackle the problem at its root. Ransomware attacks occur because criminals make money from them. If we can make it harder to profit from such attacks, they will decrease.