Ransomware poses a significant challenge for CISOs, with many ultimately resorting to payments to regain control of their systems

Organizational encounters with ransomware attacks are closely linked to the regularity of ransom payments.

CISOs commonly face ransomware attacks and often choose to make ransom payments

In a move aimed at countering the growing threat of ransomware attacks, the U.S. government has introduced a regulatory framework that targets public sector and critical national infrastructure entities, while offering guidance for private organizations.

According to a report by Splunk, a staggering 9 in 10 Chief Information Security Officers (CISOs) have reported at least one disruptive cyberattack in the last year, with ransomware accounting for a majority of these incidents. This alarming trend has led to a focus on protecting essential public services, with a ban on ransom payments for public sector and critical infrastructure entities now in place.

For private organizations, the regulatory framework includes a mandatory reporting requirement, enabling the government to provide oversight and support in decision-making. The government encourages resilience measures like offline backups and contingency strategies to reduce reliance on paying ransoms.

Corporate stakeholders are also taking notice, with a growing interest in understanding the risk calculus of their technology stacks. They want to determine if their organizations are potential targets for ransomware attacks.

Ryan Kovar, leader of Surge, Splunk's blue team security research team, suggests that CISOs have a duty to anticipate ransom demands and account for them in their cyber insurance budgeting. CISOs are expected to operate under the assumption that ransom payments are effectively part of their job, and to have a plan in place before they are ransomed that puts them in a position of strong resilience.

The U.S. government's efforts to combat ransomware extend beyond this regulatory framework. Through multi-stakeholder groups like the Ransomware Task Force, recommendations are being advanced that include legislative changes and enhanced disruption strategies against ransomware attacks.

The rising trend of ransomware attacks, especially on government agencies, reinforces the urgency of these policies. In early 2025, there was a 65% increase in ransomware attacks on government agencies compared to 2024.

Anne Neuberger, deputy national security advisor for cyber and emerging technologies, stated that paying ransoms fuels cybercriminal activities. Splunk researchers note that paying ransoms can be a lucrative business for ransomware gangs. Most organizations paid ransoms under $250,000, but nearly 1 in 10 paid ransoms over $1 million.

The Biden administration decided against an outright ban on ransom payments and instead encourages organizations not to pay. This approach aims to reduce the flow of money to cybercriminals and deter attacks against key public services, while still allowing private sector entities to make decisions based on their specific circumstances.

In conclusion, the U.S. government’s policy reflects a targeted ban on ransom payments by public and critical entities combined with reporting and advisory systems for the private sector. This approach seeks to balance reducing criminal incentives with practical considerations of incident response.

  1. To mitigate the escalating threat of ransomware and protect essential services, CISOs in private organizations are advised to implement proactive measures like offline backups, contingency strategies, and budgeting for cyber insurance, as suggested by Ryan Kovar from Surge, Splunk's blue team security research team.
  2. The Biden administration's emphasis on cybersecurity includes discouraging ransom payments, but not outright banning them, to disrupt the flow of money to cybercriminals and deter attacks on key public services. However, the government offers reporting and advisory systems to empower private sector entities in making informed decisions based on their unique circumstances.
