tag:theconversation.com,2011:/africa/topics/ransom-12676/articlesransom – The Conversation2023-05-09T11:56:06Ztag:theconversation.com,2011:article/2040542023-05-09T11:56:06Z2023-05-09T11:56:06ZKidnapping in Nigeria: criminalising ransom payment isn’t working - families need support<figure><img src="https://images.theconversation.com/files/524076/original/file-20230503-176-5xqprb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Parents and relatives of students from the Federal College of Forestry Mechanization in Kaduna, who were kidnapped, hold placards during a demonstration in Abuja on May 4, 2021.
</span> <span class="attribution"><span class="source">Kola Sulaimon/AFP via Getty Images</span></span></figcaption></figure><p>Kidnapping for ransom has become a national <a href="https://theconversation.com/whos-at-risk-of-being-kidnapped-in-nigeria-184217">security threat</a> in Nigeria. How it’s done varies from targeted individuals, to indiscriminate kidnappings and mass kidnapping in schools and communities.</p>
<p>And there has been a growing body of <a href="https://doi.org/10.1080/10926771.2019.1628155">research</a> on the subject. However, there remains a gap in the understanding of how families mobilise resources and deliver ransom to kidnappers.</p>
<p>To fill this gap, my <a href="https://www.researchgate.net/profile/Jude-Momodu">co-researcher</a> and I combined our expertise, mine on the <a href="https://theconversation.com/profiles/oludayo-tade-244002">science of criminality and the victims of crime in Nigeria</a> and his on peace and conflict.</p>
<p>Our <a href="https://www.tandfonline.com/doi/full/10.1080/01639625.2023.2197548">study</a> interrogated the roles that families play in finding support and in raising ransom money and ensuring it is delivered to kidnappers to get their loved ones released from captivity.</p>
<p>This information is important to appreciate the experiences, challenges, and coping strategies of those with family members who have been kidnapped. It can help to design post traumatic therapy for victims who have been rescued, as well as those who are close to them, and who may have been traumatised by the kidnap incidence.</p>
<p>We concluded from our findings that the Nigerian government’s decision to <a href="https://www.aljazeera.com/news/2022/4/27/nigeria-outlaws-ransom-payments-abduction-punishable-by-death">criminalise</a> ransom payment by families missed the point because it fails to address the protection of potential victims. It should be revisited.</p>
<h2>The study</h2>
<p>Our study focused on the Adamawa State in northeast Nigeria, where at least <a href="https://www.blueprint.ng/kidnapping-adamawa-residents-abandon-homes/">300 people</a> were kidnapped in 2019. </p>
<p>We interviewed <a href="https://www.tandfonline.com/doi/full/10.1080/01639625.2023.2197548">12 people</a>, through referrals. The sample size is appropriate for a research of this nature due to the confidence building process required to secure participation from, already traumatised, families and friends of people who have been kidnapped. </p>
<p>The people we interviewed included ransom negotiators, a pastor of the church of one of the victims, two police officers from the Force Intelligence Bureau and a Divisional Police Officer, one State Security Service agent, two wives of kidnapped people and five released kidnapped persons.</p>
<p>Our study showed that ransom negotiators were either nominated by families or by the person kidnapped. Kidnappers used threats and the beating of captives to unsettle families and pressure them to raise ransoms.</p>
<p>Family members raised ransoms through family, church and community donations, and through loans. Wives of kidnapped persons coped with spiritual support from church, experiences of others who faced similar situation, and counselling from significant others. Below we outline some of the nuances of our findings.</p>
<h2>Finding support</h2>
<p>People’s experience varied according to the relationship they had with the victims. For those at the scene of the kidnapping, the emotions and trauma experienced was heightened. </p>
<p>Ill-health, age, and ability to withstand pressure also increased the burden on family. </p>
<p>Our participants unpacked the support mechanisms they used to strengthen and give hope to the immediate family of the kidnapped person. </p>
<p>The church was a pillar of support for some. Others turned to family members, friends and neighbours. Others took loans to pay for the release of their family members.</p>
<p>Friends and brothers risked their lives to negotiate with kidnappers as well as take the ransom to the den of kidnappers. </p>
<h2>What’s usually needed</h2>
<p>We found that organising for the release of the kidnapped involved the following:</p>
<p><strong>Support systems:</strong> The immediate family of the kidnapped person would need a support system. This included emotional support as well as ensuring that the family had food to eat. The church provided spiritual support.</p>
<p><strong>Ransom negotiation team:</strong> Selecting or nominating the ransom negotiator was done by a person in the kidnappers’ den or by the family. In some cases, those kidnapped would be asked to drop names of people who could bring ransom money to the kidnappers. </p>
<p>One kidnapping victim gave the name of his father because the father was already a retiree and could mobilise family members to rally round and raise any amount. One nominated his childhood friend. </p>
<p><strong>Role of religious leaders:</strong> Spiritual support was provided by the church (prayer and empathising with victim’s family members). Our sample did not include people of other religious persuasions.</p>
<p><strong>Fund raising:</strong> Negotiators reported that they eventually mobilised and paid between 271,232 Naira (US$651.49) and 1,807,104 Naira (US$4,343.29) ransom depending on how well they could bargain and how the family cooperated. They highlighted the need to ensure that a wrong signal was not sent to kidnappers about the financial capacity of the family to prevent future kidnapping. Negotiators faced a variety of pressures. They had to deal with the family of the victims, their own families and the kidnappers who would beat the victims in the middle of negotiations. </p>
<h2>What needs to be done</h2>
<p>The family and their religious and social groups are vital players in the processes leading to the freedom of the captive through ransom mobilisation and delivery. This shows that the African kinship tie is still very strong especially when a member is going through difficulty. </p>
<p>Victims of kidnapping need supportive, coordinated, and organised families not to only negotiate and mobilise ransom but to also manage and cooperate with the kidnappers to ensure a safe release and return. </p>
<p>There is also the need for a post-traumatic counselling for the freed kidnapped victim, their spouses and children. </p>
<p>We concluded that it’s important to provide policies that support families and victims of kidnapping. And that the government must revisit the ban on payment of ransoms. The real issue is to prevent kidnapping. The Nigerian Government must discharge its responsibility to protect to Nigerians.</p><img src="https://counter.theconversation.com/content/204054/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Oludayo Tade does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A lot is said about kidnapping for ransom in Nigeria but little is known about how families mobilise resources and deliver ransom to kidnappers.Oludayo Tade, Sociologist/Criminologist/Victimologist and Media Communication Expert, University of IbadanLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1941622022-11-08T05:48:43Z2022-11-08T05:48:43ZMedibank won’t pay hackers ransom. Is it the right choice?<figure><img src="https://images.theconversation.com/files/494018/original/file-20221108-21-8dok4d.jpeg?ixlib=rb-1.1.0&rect=69%2C57%2C4163%2C2767&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Medibank is still refusing to pay a ransom of <a href="https://www.abc.net.au/news/2022-11-07/medibank-ceo-says-ransom-amount-irrelevant-10-million-hacked/101625012">an undisclosed amount</a> to cybercriminals, despite the hackers now allegedly threatening to <a href="https://www.theguardian.com/technology/2022/nov/08/medibank-data-hack-ransomware-group-threatens-to-release-customer-information">release the stolen data</a> on the dark web. </p>
<p>It’s reported the data of about 9.7 million current and former Medibank customers were <a href="https://www.theguardian.com/technology/2022/oct/24/medibank-hack-started-with-theft-of-staff-members-credentials-investigation-suggests">compromised in a breach</a> first confirmed by Medibank on October 13. </p>
<p>The data are said to include customers’ names, dates of birth, addresses, phone numbers and email addresses – as well as some 500,000 health claims with information such as patients’ service provider details, where they received medical services and the types of treatments they claimed.</p>
<p>Medibank’s chief executive has said the company won’t be paying up – a decision endorsed by Home Affairs Minister Clare O'Neil. But what does the evidence say?</p>
<h2>How were the data stolen?</h2>
<p>According to <a href="https://www.afr.com/technology/medibank-mystery-was-a-user-credential-all-that-was-needed-for-hack-20221021-p5brqv">various</a> <a href="https://www.theguardian.com/technology/2022/oct/24/medibank-hack-started-with-theft-of-staff-members-credentials-investigation-suggests">reports</a>, it all started when a hacker compromised the credentials of a Medibank employee who had access to a number of the company’s data repositories. It’s unclear whether the employee would have needed multifactor authentication to access these data – and, if so, whether this was also compromised.</p>
<p>It’s believed this hacker then sold the employee’s credentials to notorious cybercriminal group REvil via an online Russian language forum. Around midnight, REvil posted on the dark web threatening it would release the data in the next 24 hours should the ransom not be paid. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/holding-the-world-to-ransom-the-top-5-most-dangerous-criminal-organisations-online-right-now-163977">Holding the world to ransom: the top 5 most dangerous criminal organisations online right now</a>
</strong>
</em>
</p>
<hr>
<p>While there’s no evidence REvil does indeed have access to the stolen data, historically <a href="https://theconversation.com/holding-the-world-to-ransom-the-top-5-most-dangerous-criminal-organisations-online-right-now-163977">the REvil group</a> has not been found to bluff. There’s no reason to believe this time is different. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1589600814594949120"}"></div></p>
<p>Medibank first identified unusual activity on its network on October 12. It then launched a follow-up investigation that <a href="https://www.medibank.com.au/health-insurance/info/cyber-security/timeline/">confirmed the breach</a>. We don’t know how long the cybercriminals may have had access to its systems before then.</p>
<p>It’s reported they stole some 200GB of data in total. This is quite a large amount, and it would be unusual not to notice the exportation of <a href="https://www.theguardian.com/technology/2022/oct/24/medibank-hack-started-with-theft-of-staff-members-credentials-investigation-suggests">this much sensitive data</a>.</p>
<p>In this case, however, it seems the criminals used some sort of compression algorithm to minimise the data file size. This may have allowed the data extraction to be less obvious, perhaps also through splitting the data into smaller data packages.</p>
<h2>To pay or not to pay?</h2>
<p>Medibank chief executive David Koczkar has said the ransom request would not be paid, and “making any payment would increase the risk of extortion for our customers, and put more Australians at risk”. He said the decision is consistent with advice from cybersecurity experts and the <a href="https://www.abc.net.au/news/2022-11-07/medibank-refuses-to-pay-ransom-data-hack-cyber-attack/101622914">Australian government</a>. </p>
<p>This is, in fact, a smart decision. Even if the ransom is paid, it does not guarantee the cybercriminals will not use the stolen data for other malicious purposes, or won’t undertake further attacks against Medibank. </p>
<p>Law enforcement agencies across the world are against paying <a href="https://www.forbes.com/sites/edwardsegal/2022/07/29/why-experts-disagree-on-whether-businesses-should-pay-ransomware-demands/?sh=744a53ae4fca">ransoms</a>. However, there are life-threatening situations in a healthcare context, such as during <a href="https://www.news-medical.net/health/What-is-Remote-SurgeryTelesurgery.aspx">remote surgery</a>, when there may be no choice.</p>
<p>Cybercriminals take advantage of vulnerabilities in healthcare IT infrastructure – largely because there’s a higher chance of getting a ransom paid in healthcare than in any <a href="https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/">other sector</a>. </p>
<p>Often, organisations targeted will have to pay a ransom to get back access to data and continue providing healthcare services. According to one recent report the majority of ransomware attack victims in healthcare end up paying <a href="https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/">the ransom</a>.</p>
<p>As to why Medibank hasn’t disclosed the specific ransom amount, this is because this information could encourage other cybercriminals to aim for similar targets in future ransom events. </p>
<p>If the ransom were disclosed, and later had to be paid, Medibank’s reputation as an insurance provider would hit rock bottom. When Colonial Pipeline’s fuel pipeline infrastructure in the US was hit by a ransomware attack, the hefty ransom payment of US$4.4 million left a permanent scar on <a href="https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636">the operator’s reputation</a>. </p>
<h2>The risks as the situation unfolds</h2>
<p>The risks for victims of the Medicare data breach must not be underestimated. This sensitive information could be used in various types of fraud. For example, hackers may call victims of the data breach pretending to be Medibank, and ask for a service charge to have their data safeguarded. Healthcare data can also be used for blackmail and fraudulent billing. </p>
<p>What’s more, hackers can identify the most vulnerable individuals among the list of victims and create customised attack vectors. For example, individuals with implanted devices (such as <a href="https://www.upi.com/Health_News/2022/06/01/medical-devices-pacemakers-cybersecurity/7041653656330/">pacemakers</a>) can be targeted with blackmail and threats to their life. </p>
<p>Beyond this, cybercriminals could also use victims’ personal information to conduct a number of other scams unrelated to Medibank or healthcare. After all, if you have someone’s details it’s much easier to pretend to be any organisation or company with authority.</p>
<p>For those potentially affected by the Medicare data breach, the most important thing now is to remain vigilant about all types of online activity. You can start by replacing your passwords with more secure <a href="https://www.cyber.gov.au/learn/passphrases.">passphrases</a>. You should also consider running a credit check to see if any suspicious activity has been conducted in your name. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1587970252033368066"}"></div></p><img src="https://counter.theconversation.com/content/194162/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>A well-known cybercrime group has threatened to release the data should the ransom not be paid.Mohiuddin Ahmed, Senior Lecturer in Cyber Security, Edith Cowan UniversityPaul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1886772022-08-17T18:08:16Z2022-08-17T18:08:16ZBefore paying a ransom, hacked companies should consider their ethics and values<figure><img src="https://images.theconversation.com/files/479427/original/file-20220816-1877-maolbq.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C7360%2C4902&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Ransomware attacks are increasing in frequency.</span> <span class="attribution"><span class="source">(Shutterstock)</span></span></figcaption></figure><iframe style="width: 100%; height: 100px; border: none; position: relative; z-index: 1;" allowtransparency="" allow="clipboard-read; clipboard-write" src="https://narrations.ad-auris.com/widget/the-conversation-canada/before-paying-a-ransom--hacked-companies-should-consider-their-ethics-and-values" width="100%" height="400"></iframe>
<p>The recent cyberattacks in August on <a href="https://www.itworldcanada.com/article/canadian-recreational-vehicle-maker-brp-ontario-cannabis-store-dealing-with-cyber-attacks/497252">Bombardier Recreational Products and the Ontario Cannabis Store</a> highlight the continuing scourge of cyber criminals and ransomware. </p>
<p>Ransomware is a piece of malware — malicious software — code that gets into an information system and blocks access to the computer or its files until the victim pays to obtain a key, or password. Ransomware was a term that did not enter the popular lexicon until about 10 years ago <a href="https://www.washingtontimes.com/news/2018/jan/31/ransomware-added-to-oxford-english-dictionary-in-l/">(and it was added to the Oxford English Dictionary in 2018)</a>. </p>
<p>It has now evolved, and in 2021, <a href="https://www.hsgac.senate.gov/imo/media/doc/HSGAC%20Majority%20Cryptocurrency%20Ransomware%20Report.pdf">there were 3,729 ransomware complaints registered, with losses of US$49.2 million in designated critical infrastructures alone</a>. The average ransomware payment climbed 82 per cent to hit a record US$570,000 in the first half of 2021.</p>
<p>And it’s only going to get worse. The FBI’s <a href="https://www.ic3.gov/">Internet Crime Complaint Centre</a> reported 2,084 ransomware complaints from January to July 31, 2021 – a 62% year-over-year increase.</p>
<p>For any organization, cyberattacks are not a matter of “if,” but “when”: A cyberattack is inevitable. This forces leaders to ask: Do we pay the ransom or not?</p>
<p>Roughly <a href="https://blog.knowbe4.com/ransomware-predicted-to-cost-20-billion-in-damages-globally-by-2021">half of all organizations opt to pay ransom</a>. But that also means that roughly half do not. What makes this an especially wicked problem is that there is no correct answer or clear structure. So the question becomes: Under what conditions should a ransom be paid? And what factors can help leaders make this decision?</p>
<h2>Blocking access</h2>
<p>There are four core actions that ransomware can execute, embodied in the acronym LEDS: Lock, Encrypt, Delete or Steal. Ransomware can lock, or prevent access to data or an information system, requiring a key to unlock. Similarly, it can allow access, but the data are gibberish as they have been encrypted in place, again requiring a decryption key to make legible. Data can be deleted in place (erased) or sold to the highest bidder. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="computer screen with the words SYSTEM HACKED displayed" src="https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=413&fit=crop&dpr=1 600w, https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=413&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=413&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=519&fit=crop&dpr=1 754w, https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=519&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/479679/original/file-20220817-8075-c9vamm.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=519&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Ransomware removes or prevents access to companies’ data.</span>
<span class="attribution"><span class="source">(Shutterstock)</span></span>
</figcaption>
</figure>
<p>What makes today’s ransomware attacks especially harmful and insidious is that they often deploy more than one of these effects.</p>
<p>Once malware is embedded in an organization’s system, <a href="https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/">the criminals contact the victim</a>, usually through an anonymous email, or through the malware itself (pop-up window) demanding immediate payment of a ransom in cryptocurrency, and typically threatening further harm. </p>
<p>Paying the ransom may lead to a decryption key being provided, which, when entered on the pop-up window immediately unlocks the system and anything that has been encrypted.</p>
<h2>Considerations before payment</h2>
<p>There are two dimensions to be considered when deciding to pay a ransom: the business decision and the ethical one.</p>
<p>Law enforcement authorities, including <a href="https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware">the FBI</a> and <a href="https://www.rcmp-grc.gc.ca/en/prevent-ransomware">the RCMP</a>, adamantly advise against paying ransom, ever. They do so for two good reasons: first, it rewards and encourages criminal activity. Second, it may further endanger the organization when it becomes known in hacker circles that this is an organization willing to pay. </p>
<p>In other words, it may not make the crime go away and may make you even more of a target.</p>
<p>If the criminals are not a known terrorist organization, then payment of a ransom is not a crime. This might change, as some countries, notably the United States, are proposing enactment of Sanctions Compliance Laws criminalizing all cyber-ransom payments. It might be difficult to attribute the attack, which is why the hackers often identify themselves to their victims. </p>
<h2>An honest crime</h2>
<p>There is a compelling business case to be made for paying a ransom demand. The crime works because, if you will, it is an honest one. That is, <a href="https://www.proofpoint.com/us/resources/threat-reports/state-of-phish">70 per cent of the time</a>, paying a ransom will result in a valid decryption key being provided. </p>
<p>This makes sense. For criminals to profit from this endeavor, they must show good faith and deliver on their promise.</p>
<p>Criminals also know this. Targeted campaigns see attackers spending on average nearly six months inside a company’s network before enacting ransom malware. They do so to ensure that their malware has infected as many systems as possible, including backups; to identify and extract the items of greatest value; to ensure they do not leave traces; and to garner any business intelligence (such as incident response plans or insurance policies). This allows them to determine the maximum amount of ransom to demand.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="padlocks represented digitally, all are blue with the exception of a red one which is broken open" src="https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/479680/original/file-20220817-8144-f4spzz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">For ransomware to be a lucrative endeavor for criminals, they have to release the data once they have received payment.</span>
<span class="attribution"><span class="source">(Shutterstock)</span></span>
</figcaption>
</figure>
<p>This is the essence of the business case decision. Suppose, for example, that the cost of a ransom event is estimated to be $500,000 (based on the size of the database, time to recover, data validation upon recovery and other expenses). A ransom demand of $250,000 is clearly a better alternative because it is not only cheaper, but faster than the alternative. </p>
<p>Organizations can calculate the cost of various incidents and determine, in principle, their willingness to pay for each possible ransom scenario. This leads to the development of what is referred to as a ransomware payment matrix for the organization.</p>
<h2>Moral dimensions</h2>
<p>However, there is also a moral, or ethical dimension to this decision. Payments to criminals might not be consistent with the organization’s core values, culture or code of ethics. Even if they are, this might not sit well with the company’s employees, clients and other stakeholders. </p>
<p>There are many frameworks and theories dealing with ethics in the workplace, and leaders need to avail themselves of one or more. This will help them make a decision regarding paying a ransom because, while it may make great business sense to pay a ransom, it may not be the right thing to do for the organization. </p>
<p>Instead, the organization may choose to invest funds that would otherwise go to ransom payments into training, cyber-protection and upgrading and patching systems.</p>
<p>Whatever the decision, it is critical to explore all options well before any cyberattacks occur. This includes holding discussions with employees, customers and other stakeholders. It also includes insurers (who are increasingly loath to insure against ransomware events) and law enforcement authorities.</p>
<p>Accepting the inevitability of a cyberattack and thoroughly exploring different scenarios will have the dual effect of not only preparing for the attack, but allowing for a more effective response when it occurs.</p><img src="https://counter.theconversation.com/content/188677/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Michael Parent does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Cyberattacks demanding ransoms for the release of information are on the rise. To determine if they should pay, businesses need to think about how they would react in such a scenario.Michael Parent, Professor, Management Information Systems, Simon Fraser UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1842172022-06-17T13:02:40Z2022-06-17T13:02:40ZWho’s at risk of being kidnapped in Nigeria?<figure><img src="https://images.theconversation.com/files/468808/original/file-20220614-11-ftbhmr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Parents and relatives of abducted students demanding the release of their families who had spent 55 days in captivity as at March 12, 2021.</span> <span class="attribution"><span class="source">Photo by Kola Sulaimon/AFP via Getty Images</span></span></figcaption></figure><p>Nigeria ranks among the <a href="https://www.controlrisks.com/our-thinking/insights/kidnap-for-ransom-in-2022">kidnapping hotspots</a> of the world. </p>
<p>Over <a href="https://www.sbmintel.com/wp-content/uploads/2020/05/202005_Nigeria-Kidnap.pdf">3,000 people</a> were kidnapped in Nigeria in the first half of 2021 alone. The figure for January 2022 has been reported as <a href="https://eonsintelligence.com/details/special-report-90785645/january-2022-incidents-by-regions-1079701345">571</a>.</p>
<p>In just one example, the head of the Methodist Church in Nigeria was <a href="https://www.bbc.com/news/world-africa-61632802">kidnapped</a> by gunmen in Abia State in May. </p>
<p>This practice has <a href="https://www.researchgate.net/publication/358398187_Of_Banditry_and_'Human_Rustling'_The_Scourge_of_Kidnapping_in_Northern_Nigeria">evolved</a> among the bandits and terrorists of northern Nigeria, militants and cultists in the Niger Delta as well as the ritual-killers of the western and eastern parts of the country. </p>
<p><a href="https://www.researchgate.net/publication/358398187_Of_Banditry_and_'Human_Rustling'_The_Scourge_of_Kidnapping_in_Northern_Nigeria">My research</a> explored the nature of this threat and the factors accounting for its current upswing.</p>
<p>Nigeria’s banditry crisis is a complicated situation with a number of interests, motives and actors. Some criminals are opportunistic, others organised. Militants, terrorists and insurgents use banditry to raise funds for their operations and as a bargaining strategy. </p>
<p>Kidnapping for ransom thrives in Nigeria because the material incentive and opportunity are there, and victims find it expedient to pay ransom. </p>
<p>In my view, the solutions lie in removing incentives, creating stricter deterrents, more effective policing and greater vigilance.</p>
<h2>Types of kidnapping</h2>
<p>Kidnapping is the act of holding a person captive in order to make them offer something in return for their release. The motivation may be economic, political, or ideological. </p>
<p>There are different patterns of kidnapping, among them kidnap for ransom, kidnap for ritual, kidnap for strategic bargain, and child abduction. </p>
<p>In Nigeria, the main form has been <a href="https://www.premiumtimesng.com/news/headlines/487509-special-report-inside-nigerias-worsening-kidnap-for-ransom-scourge-1.html#:%7E:text=Of%20the%204%2C962%20people%20reported,assailants%20like%20ants%20to%20sugar.">kidnap for ransom</a>. It was estimated that <a href="https://humanglemedia.com/18million-paid-as-ransom-to-kidnappers-in-nigeria-over-a-decade-intelligence-firm/">over US$18 million</a> was paid as ransom in Nigeria between January 2011 and March 2020. </p>
<p>This form of kidnapping is often carefully planned, organised, and carried out. Most of its victims have been prominent personalities and rich men who are believed by the perpetrators to posses the material substance and capital to pay ransom.</p>
<p>It usually starts with profiling a target to determine their ransom value. That value includes how much money the kidnapper can get, and the <a href="https://www.researchgate.net/publication/358398187_Of_Banditry_and_'Human_Rustling'_The_Scourge_of_Kidnapping_in_Northern_Nigeria">social strategic worth</a> of the target or their family.</p>
<p>For instance, the child of a wealthy family has a high kidnap ransom value. The only child of an affluent household has even greater value.</p>
<p>Wealthy individuals and their relations have high kidnap ransom value. This is also true of strategic members of corporate organisations and networks that are believed to be well to do. The expectation is that members of a wealthy family, network or organisation are in a position to raise funds to release the kidnapped person.</p>
<p>There are, however, instances of kidnap for ransom where opportunistic criminals abduct vulnerable individuals, without profiling targets. This often yields lower ransom returns.</p>
<p>Kidnapping for ritual purposes also happens in Nigeria. There have been incidents of kidnappers dealing in body parts and capturing victims for sacrifices. Perpetrators may waylay their victims or entrap them through frauds, scams and phantom business trips. </p>
<p>The <a href="https://www.google.com/search?q=ritual+killings+in+hotels+in+Nigeria&rlz=1C1CHBD_enNG889NG889&sxsrf=ALiCzsZJiZE73-eVzRyGK4Z6Ysoj9b451Q%3A1653986089304&ei=KdOVYuKUEoGy8gK8sZK4DQ&ved=0ahUKEwiizcOqqon4AhUBmVwKHbyYBNcQ4dUDCA4&uact=5&oq=ritual+killings+in+hotels+in+Nigeria&gs_lcp=Cgdnd3Mtd2l6EANKBAhBGABKBAhGGABQAFjtRGDyRmgAcAB4AIABAIgBAJIBAJgBAKABAcABAQ&sclient=gws-wiz">sporadic discoveries</a> of dismembered human bodies in hotels, shrines, construction sites, river-lines, and forests in various parts of Nigeria attest to this <a href="https://www.academia.edu/30173085/Kidnapping_for_Rituals_Article_of_Faith_and_Insecurity_in_Nigeria">form of kidnapping</a>. </p>
<p>In the Niger Delta region, <a href="https://www.scirp.org/journal/paperinformation.aspx?paperid=98926">militants and pirates</a> have taken hostages to extract ransom and for coercive bargaining. The tactic is used to force the government or oil multinational firms to come to terms with certain strategic demands or concerns of the militants and their allied clandestine groups.</p>
<p>The insurgents and terrorists operating in parts of northern Nigeria have also used this tactic <a href="https://www.ndtv.com/world-news/chibok-girls-bargaining-chip-of-boko-haram-insurgency-1444912">to force</a> the government to grant them strategic concessions. </p>
<p>Sometimes they have abducted commuters or school children en masse. A recent report by UNICEF indicates that <a href="https://www.thisdaylive.com/index.php/2022/04/17/unicef-in-15-months-1436-school-children-abducted-in-nigeria/#:%7E:text=UNICEF%3A%20In%2015%20Months%2C%201%2C436%20School%20Children%20Abducted%20in%20Nigeria,-April%2017%2C%202022&text=No%20fewer%20than%201%2C436%20school,Fund%20">1,436 children</a> were abducted in Nigeria between 2020 and 2022. </p>
<p>There have been cases of children being taken in cities and rural areas. Criminals sometimes contact their parents for a ransom. In some instances, the children are abducted for <a href="https://www.researchgate.net/publication/351482893_'Baby_factories'_versus_the_objectification_of_surrogacy_cum_child_adoption_in_Nigeria">ritual purposes or illicit adoption</a>. Young pregnant women have also been held captive to <a href="https://www.researchgate.net/publication/351482893_'Baby_factories'_versus_the_objectification_of_surrogacy_cum_child_adoption_in_Nigeria">“harvest” their babies</a>.</p>
<h2>Why kidnapping is on the upswing</h2>
<p>The drivers of kidnapping risk in Nigeria today include <a href="https://aoav.org.uk/wp-content/uploads/2013/12/The-Violent-Road.pdf">the upsurge</a> in organised armed violence by non-state actors, the <a href="https://www.academia.edu/30173085/Kidnapping_for_Rituals_Article_of_Faith_and_Insecurity_in_Nigeria">increasing trend</a> of ritual criminality, the economics of ransom, and criminal opportunism. </p>
<p>The opportunity and incentive for committing a crime is far greater than its risks or hazards. In Nigeria, <a href="https://www.hrw.org/report/2010/08/17/everyones-game/corruption-and-human-rights-abuses-nigeria-police-force">only a few</a> criminals are ever arrested and prosecuted.</p>
<p>The capacity of the state agencies to detect and deter crime is abysmal. In most instances, state security operatives fail to respond to occasions of kidnapping promptly and rapidly. </p>
<p>They also lack the technical ability to track kidnappers and their movements. Consequently, criminals carry on with impunity. </p>
<p>Kidnapping in Nigeria has become a matter of national emergency, and ought to be treated as such. </p>
<p>The public should be vigilant and reduce their vulnerability. But government must rise to its first and prime calling - protecting the security of lives and property. The government should be proactive and decisive in fighting kidnapping. </p>
<p>Based on my research, I have three recommendations:</p>
<ul>
<li><p>The remote areas of Nigeria where some of these crimes occur should be “governed” through a pragmatic <a href="https://theconversation.com/vigilantism-in-nigeria-a-way-to-combat-crime-if-its-non-violent-and-regulated-175676">community policing</a> strategy. </p></li>
<li><p>Deterrence should be stronger, stiffer and more decisive – such as the death penalty. The existing punishment of ten years (maximum) is not a deterrent. </p></li>
<li><p>Payment of kidnap ransom should be discouraged, and possibly criminalised, to remove the incentive to kidnap people. The example of the United States, where all forms of ransom-related transactions are outlawed, is instructive.</p></li>
</ul><img src="https://counter.theconversation.com/content/184217/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Al Chukwuma Okoli consults for Center for Democracy and Development, Abuja; volunteers for Amnesty International; belongs to Conflict Research Network West Africa (CORN West Africa); received research and conference grants from Tertiary Education Trust Fund (TETFund). He is affiliated with Federal University of Lafia, Nigeria. </span></em></p>Nigerians are at risk of kidnapping as the cost of committing this crime is far less than its benefits.Al Chukwuma Okoli, Senior Lecturer and Consultant-researcher, Department of Political Science, Federal University LafiaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1812082022-04-22T07:51:46Z2022-04-22T07:51:46ZNigeria’s banditry: why 5 government strategies have failed<figure><img src="https://images.theconversation.com/files/457970/original/file-20220413-16-6ue7jb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">In 2019, members of an anti-banditry vigilante group disarmed in Zamfara but this has not halted attacks from bandits.</span> <span class="attribution"><span class="source">Photo by Kola Sulaimon/AFP via Getty Images</span></span></figcaption></figure><p><a href="https://www.brookings.edu/blog/africa-in-focus/2021/02/18/rising-insecurity-in-northwest-nigeria-terrorism-thinly-disguised-as-banditry/">Heightened</a> violence and insecurity in the north-west and north-central regions of Nigeria has become an existential threat to many. </p>
<p>Reported security incident trends show the regions experienced 65% of the total security incidents in Nigeria in the first quarter of 2022, with 2,331 <a href="https://firebasestorage.googleapis.com/v0/b/beacon-consulting.appspot.com/o/reports%2F-1649948838636?alt=media&token=09a77e69-50fc-4a98-9878-afbdd2039638">fatalities</a>.</p>
<p><a href="https://theconversation.com/nigerias-bandits-are-not-unknown-gunmen-why-the-label-matters-166997">Bandits</a> are largely responsible for stoking violence and insecurity in these regions.</p>
<p>Numerous bandit groups exist in north-west and north-central Nigeria but they do not have any central authority and there is little to suggest collaboration between them. The groups have different operational capacities and technical <a href="https://newlinesmag.com/reportage/the-bandit-warlords-of-nigeria/">capabilities</a>, and are mostly clandestine in their operations. Their main activities are cattle rustling, kidnapping civilians for ransom, armed attacks and community invasion. </p>
<p>Since 2016, the current government has adopted numerous military and other non military strategies to stamp out banditry. But the increasing activity and violence of the groups indicate that the government’s efforts have failed to achieve the desired results. </p>
<p>Based on my <a href="https://www.researchgate.net/publication/358075158_The_effect_of_military_unprofessionalism_on_civil-military_relations_and_security_in_Nigeria">work</a> and analysis of security trends, I have identified five strategies adopted by the Nigerian government and analysed why they failed. I also have suggestions about what the government can do differently.</p>
<p><strong>Dialogue, settlement and peace missions</strong></p>
<p>In the early stage of banditry in 2016, some Nigerian state governments leaned heavily on negotiation and settlement to end it. <a href="https://tribuneonlineng.com/our-peace-reconciliation-initiative-best-way-to-address-armed-banditry-zamfara-govt/">Zamfara</a>, <a href="https://www.thisdaylive.com/index.php/2019/09/18/ending-banditry-kidnapping-in-katsina-through-dialogue/">Katsina</a>, <a href="https://dailytrust.com/amp/despite-peace-deals-banditry-thrives">Sokoto</a> and <a href="https://punchng.com/banditry-el-rufais-changing-tune-on-negotiation/">Kaduna</a> states adopted different dialogue and settlement initiatives to end the killings, banditry and kidnappings. </p>
<p>The state governments paid <a href="https://www.vanguardngr.com/2016/12/weve-paid-fulani-stop-killings-southern-kaduna-el-rufai/">money</a> as compensation to identified leaders of bandits in return for peace. Sokoto, Zamfara, and Katsina states further offered an <a href="https://www.thisdaylive.com/index.php/2019/10/08/two-months-after-sokoto-zamfara-katsina-count-gains-of-amnesty-for-bandits/">amnesty</a> hinged on renouncing banditry and kidnapping, and the surrender of weapons.</p>
<p>Following the same logic, a famous Islamic cleric, <a href="https://www.bbc.com/news/world-africa-57007326">Sheik Ahmad Gumi</a>, initiated a peace mission aimed at reaching a consensus between the government of Nigeria and bandit leaders to end the violence. This wasn’t well received by the public. The Kaduna state <a href="https://dailytrust.com/el-rufai-to-gumi-we-cant-negotiate-with-bandits">governor</a>, for one, insisted that the Fulani would not abandon banditry to return to their nomadic life of tending animals. </p>
<p>Overall, the dialogue, settlement and peace mission failed to end the banditry. But it did reveal that the groups were mainly driven by economic motivations.</p>
<p><strong>Air bombardment and seizing telecommunication services</strong></p>
<p>As negotiations and settlements failed, in 2018 government efforts turned to military aerial bombardment of occupied forests used as bandit strongholds. The effort was strengthened by the <a href="http://saharareporters.com/2021/12/31/katsina-government-restores-telecoms-services-despite-bandits%E2%80%99-attacks">seizure of telecommunication services</a> in parts of the north-west for several weeks in the last quarter of 2021. Seizing the network was meant to undermine the ability of the groups to communicate and receive information about military activities.</p>
<p>The operation did not weaken the groups. The crisis worsened, and civilian casualties resulted from the military air raids in 2021 in <a href="https://saharareporters.com/2022/02/20/breaking-seven-dead-nigerian-air-force-fighter-jet-targeting-bandits-%E2%80%98mistakenly%E2%80%99-bombs">several communities</a>. </p>
<p>Lack of support by ground troops undermined the operation as bandits moved from one location to another to evade the aerial bombardments. Similarly, the shutting down of telecommunication services was not uniformly done across the north-west. Bandit groups could easily move elsewhere.</p>
<p><strong>Deploying women soldiers</strong></p>
<p>In Kaduna State, which has become the epicentre of banditry, <a href="https://www.thisdaylive.com/index.php/2021/01/28/banditry-army-deploy-300-female-soldiers-to-kaduna-abuja-highway/amp/">300 soldiers</a> from the Nigerian Army Women Corps were deployed on the highly volatile A2 Abuja-Kaduna expressway in January 2021. This was done to complement and strengthen the ongoing security operations on the route.</p>
<p>In the first month of deployment, the A2 highway was free of abductions. But the A235 Kaduna-Kajuru-Kachia route and surrounding communities experienced a <a href="https://acleddata.com/data-export-tool/">spike</a> in attacks and abductions.</p>
<p>Again, the attackers simply moved their operations.</p>
<p><strong>Ending ransom payment</strong></p>
<p>State governments decided, in 2020, not to <a href="https://tribuneonlineng.com/kaduna-attack-we-will-not-negotiate-with-bandits-%E2%80%95-el-rufai/">negotiate</a> with bandits. They also discouraged victims’ families from paying <a href="https://www.vanguardngr.com/2021/01/stop-paying-ransom-to-kidnappers/">ransom</a> to bandits in exchange for their kidnapped <a href="https://www.premiumtimesng.com/regional/nwest/454100-i-wont-pay-ransom-even-if-my-son-is-kidnapped-el-rufai.html">family</a> members.</p>
<p>The Nigerian Senate considered passing the Terrorism Prevention (Amendment) Bill 2021. This would criminalise payment of ransom as a felony <a href="https://guardian.ng/news/knocks-cheers-over-plan-to-criminalise-ransom-payment/">punishable by 15 years</a> in prison.</p>
<p>The intention was to make kidnapping for ransom less attractive. But the bill attracted public criticism. Some government <a href="https://www.vanguardngr.com/2022/02/navy-efcc-reject-senates-bill-to-criminalise-payment-of-ransom-to-terrorists/">agencies</a> rejected it and the <a href="https://www.cfr.org/blog/kidnapping-and-ransom-payments-nigeria">government</a> is said to have paid ransom (though it denies this). </p>
<p>Successful rescue of victims by security forces would have discouraged Nigerians from paying ransom, but such rescues have been insignificant. Citizens are therefore not <a href="https://punchng.com/its-funny-kaduna-bandits-receive-recharge-cards-as-ransoms-but-government-claims-they-cant-be-tracked-sokapu-youth-president-john/">confident</a> that if they do not pay ransom, their kidnapped family members will be freed through security operations. </p>
<p>It remains unclear whether the Senate will still approve the bill after the public debates.</p>
<p><strong>Labelling bandits as terrorists</strong></p>
<p>A <a href="https://www.premiumtimesng.com/news/headlines/504177-just-in-nigerian-govt-gazettes-declaration-of-bandit-groups-as-terrorists.html">federal high court ruling</a> has compelled the federal government to proscribe bandits as terrorist organisations. This was intended to ensure that the <a href="https://theconversation.com/nigerias-bandits-are-not-unknown-gunmen-why-the-label-matters-166997">appropriate level</a> of force, tactical and operational assets and resources were deployed against the groups. In essence, this should translate to tougher sanctions for the bandits, and the application of the Terrorism Prevention Act to penalise their informants and supporters. Yet these measures have not deterred the now sanctioned terror groups.</p>
<p>Recent terror attacks by the groups include an <a href="https://www.reuters.com/world/africa/gunmen-kill-19-soldiers-attack-nigerian-deputy-governors-convoy-2022-03-09/">ambush</a> of the <a href="https://www.reuters.com/world/africa/gunmen-kill-19-soldiers-attack-nigerian-deputy-governors-convoy-2022-03-09/">convoy</a> of a deputy governor; killing of <a href="https://www.premiumtimesng.com/regional/nwest/522000-gunmen-kill-11-soldiers-three-vigilante-members-in-attack-on-military-base-nigerian-military.html">11 soldiers</a> at a military base; the Kaduna <a href="https://www.premiumtimesng.com/news/top-news/519850-gunmen-attack-kaduna-airport-kill-official.html">airport attack</a>; the Kaduna-bound <a href="https://www.channelstv.com/2022/03/29/many-feared-killed-others-kidnapped-as-bandits-attack-abuja-kaduna-train/">passenger train attack</a>; and kidnap of <a href="https://www.premiumtimesng.com/news/headlines/523559-updated-bandits-abduct-female-students-in-zamfara.html">students</a> of the Zamfara State College of Health Technology, Tsafe.</p>
<p><strong>Recommendation</strong></p>
<p>Poverty, hunger and unemployment make people vulnerable to radicalisation and drive <a href="https://zjpd.com.ng/index.php/zjpd/article/download/30/33">conflict</a>. What is required is sincere policy implementation to lift Nigerians out of these circumstances.</p>
<p>In the short term, improved security collaboration with civilians would make individuals and communities feel safer and more willing to offer vital information to security forces. <a href="https://journals.co.za/doi/abs/10.10520/ejc-crim-v33-n3-a6">Trust</a> in government security forces is <a href="https://scholar.sun.ac.za/handle/10019.1/104931">lacking</a> in Nigeria. </p>
<p>There have been cases of violent extremist organisations infiltrating villages in retaliation for their <a href="https://reliefweb.int/sites/reliefweb.int/files/resources/288-violence-in-nigerias-north-west.pdf">cooperation</a> with government security agencies. Government forces therefore need to keep their sources of information confidential. They must also prove themselves capable of finding and rescuing kidnapped victims so that ransom doesn’t have to be paid.</p><img src="https://counter.theconversation.com/content/181208/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Sallek Yaks Musa does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>To end banditry, Nigeria first needs to tackle poverty, hunger and unemployment.Sallek Yaks Musa, Lecturer, University of JosLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1669972021-10-18T14:17:03Z2021-10-18T14:17:03ZNigeria’s ‘bandits’ are not ‘unknown gunmen’: why the label matters<figure><img src="https://images.theconversation.com/files/425933/original/file-20211012-25-11or1gk.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Some members of the Nigerian Armed Forces Sniper Unit</span> <span class="attribution"><span class="source">Stefan Heunis/AFP via Getty Images</span></span></figcaption></figure><p><em>Since 2015, parts of northern Nigeria have witnessed a steady increase in insecurity and violent attacks. Civilians and government security forces have been the victims. Numerous <a href="https://acleddata.com/data-export-tool/">data tracking sources</a> have shown an escalation of incidents since January 2021. But there appears to be a difference between perpetrators’ actions and the way they are labelled. Government calls them ‘bandits’ and ‘unknown gunmen’. Others have insisted that a more appropriate description would be ‘terrorists’. Adejuwon Soyinka, West Africa regional editor at The Conversation Africa, asks Sallek Yaks Musa, a security and civil-military relations expert, to explain what might underlie the terminology used and how mistrust in the military hinders a solution.</em></p>
<h2>Who are the attackers?</h2>
<p>In the past few years, the identity of these groups was largely unclear. But the elevation of attacks and the atrocities they commit has created a pattern.</p>
<p>Survivors, eyewitnesses and security sector sources have singled out Fulani herdsmen who speak the commonly known Fulfulde dialect in the north-west and north-central regions in Nigeria as the major perpetrators. These sources further indicated an increasing collaboration between this group and other <a href="https://punchng.com/armed-foreign-herdsmen-allowed-into-nigeria-to-help-local-brothers-prof/">foreign Fulani</a> who speak a different Fulfulde with an accent considered to be of French origin. This points to a possible ideological goal. </p>
<p>A common atrocity is the invasion of communities, destroying houses, property and <a href="https://www.vanguardngr.com/2021/08/plateau-attacks-mass-murders-crops-destruction-new-order-of-the-day/">crops</a>. The motive appears to be to displace people and occupy their arable lands.</p>
<p>To finance their operations, bandits have been kidnapping civilians for ransom. Since January 2021, no fewer than 10 incidents of abduction of school children involving over <a href="https://punchng.com/over-1000-schoolchildren-abducted-in-nigeria-in-eight-months-unicef/">1,000 students</a> have occurred. Improvised vehicle checkpoints have been used to abduct commuters and many rural communities have been invaded solely for abduction and looting. </p>
<p>On 24 August, bandits attacked the <a href="https://www.premiumtimesng.com/regional/nwest/480926-how-gunmen-attacked-killed-abducted-officers-nda.html">Nigerian Defence Academy</a>, killing two officers and abducting another. This points to the strength and capacity of the groups. It also means the violence is assuming an insurgent nature.</p>
<p>The perpetrators freely operate a quasi-government, imposing <a href="https://guardian.ng/news/bandits-levy-niger-communities-n5m-monthly/">levies</a> on communities and demanding <a href="https://thenationonlineng.net/living-dangerously-with-bandits-in-kaduna/">money</a> as a condition for civilians to access their farms and communities. </p>
<p>The military appears unable to counter the threats or conduct significant rescue efforts. Recent attempts relied heavily on aerial bombardment, which tends to lack precision. This has <a href="https://www.pulse.ng/news/local/7-times-nigerian-airforce-has-mistakenly-killed-civilians-during-terrorism-war/5cttx93">resulted</a> in civilian casualties and has failed to produce significant results. </p>
<p><a href="https://allafrica.com/stories/202109040057.html">Shutting down</a> telecommunication services has not helped much. The recent release of the abducted students of <a href="https://www.vanguardngr.com/2021/10/bandits-release-5-more-bethel-students-matron/">Bethel Baptist School</a> was facilitated by ransom.</p>
<h2>What is their relationship with Boko Haram?</h2>
<p>Anecdotal <a href="https://www.channelstv.com/2021/04/04/bandits-using-proceeds-of-abduction-to-fund-boko-haram-says-el-rufai/">accounts</a> indicate a growing relationship between the bandits and the violent extremist organisations in the north-east. <a href="https://punchng.com/kidnapping-iswap-boko-haram-training-bandits-says-nis/">Official communication</a> within government agencies indicates that Boko Haram is training and equipping bandits. </p>
<p>The late Boko Haram leader also indicated the <a href="https://issafrica.org/iss-today/boko-haram-teams-up-with-bandits-in-nigeria">relationship</a> between his group and the bandits in the north-west and north-central region. Bandit groups, however, have not said much about the alleged relationship with violent extremist organisations.</p>
<p>In April 2021, the Boko Haram flag was reportedly <a href="https://www.vanguardngr.com/2021/04/boko-haram-hoists-flags-in-captured-niger-villages-gov-bello/">hoisted</a> in Niger State, which is bordered by the nation’s capital city, Abuja, to symbolise they had captured the area. The group responsible for this has yet to be confirmed, but high levels of banditry are experienced in parts of Niger State, including <a href="https://eonsintelligence.com/details/news-108923456/6-security-operatives-feared-killed-10-others-abducted-as-bandits-attack-shiroro-lga-of-niger-state-318858941">attacks</a> on government <a href="https://dailytrust.com/breaking-bandits-break-into-military-camp-in-niger-set-vehicles-on-fire">forces and installations</a>. </p>
<p>The attacks have become a trend in the <a href="https://punchng.com/bandits-on-the-rampage-attack-air-force-patrol-in-zamfara-kogi-assembly/">north-west</a> and <a href="http://saharareporters.com/2021/04/08/bandits-ambush-nigerian-army-logistics-convoy-cart-away-n28-million-cash-weapons">north-central</a> region. Military operations have failed to prevent the attacks and violence against civilian communities.</p>
<h2>Why is the government reluctant to designate bandits as terrorists?</h2>
<p>The atrocities and motivation of the bandits have assumed an insurgent-type criminality. But the government is <a href="https://www.vanguardngr.com/2021/10/official-refusal-to-declare-bandits-as-terrorists/">reluctant</a> to label the groups as terrorists or insurgents. </p>
<p>President Muhammadu Buhari has been accused of sympathising with the perpetrators, who appear to be of his <a href="https://www.crisisgroup.org/africa/west-africa/nigeria/262-stopping-nigerias-spiralling-farmer-herder-violence">ethnic affiliation</a>. He has been accused of emboldening the groups over his quest to reclaim and reestablish grazing routes despite the open rejection of open grazing by <a href="https://guardian.ng/news/buhari-fg-will-reclaim-grazing-routes-for-herders/">half</a> of Nigeria’s 36 state governors. </p>
<p><a href="https://www.vanguardngr.com/2021/08/grazing-routes-buhari-turning-nigeria-into-a-cow-republic-prioritizing-welfare-of-cows-over-human-lives-ortom/">Critics</a> argue that his lopsided appointments of mostly northerners like himself, against the constitutional federal character principle, explain his failure to take a tough stance against the attacks on Nigerians by the Fulani. </p>
<p>The <a href="https://leadership.ng/some-politicians-are-informants-to-bandits-niger-governor/">Niger</a>, <a href="https://www.channelstv.com/tag/kogi-state-governor/">Kogi</a>, <a href="https://www.youtube.com/watch?v=qCEP03gfw9c">Kaduna</a> and <a href="https://www.arise.tv/nigeria-imo-governor-uzodinma-says-politicians-sponsoring-terrorism-to-distract-focused-buhari/">Imo</a> state governors have said that political elites sponsor banditry. Some bandit leaders operating in Kaduna and Niger states, which are among the most affected states, have made the same claims, though they are yet to be substantiated.</p>
<h2>What are the likely consequences?</h2>
<p>North-west and north-central Nigeria are facing what amounts to an insurgency. The government can prevent this from assuming the magnitude of the violent extremism experienced in the north-east.</p>
<p>The first step is to call bandits terrorists. This is necessary to ensure that the requisite level of force, tactical and operational assets and resources are deployed against the groups. This has constrained the activities of Boko Haram, but strong institutional action is required to sanction perpetrators.</p>
<p>The military’s air raids have yielded insignificant results because they lack coordinated support from ground troops. Increased collaboration within the military and with partner security agencies including the police and intelligence agencies is key to winning the battle against bandits. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/why-children-are-prime-targets-of-armed-groups-in-northern-nigeria-156314">Why children are prime targets of armed groups in northern Nigeria</a>
</strong>
</em>
</p>
<hr>
<p>Numerous victim civilian populations believe the military are complicit, unwilling, or unable to secure them. They distrust the military and are unwilling to share information or collaborate with them. The military could remedy this by rescuing kidnapped victims and responding swiftly when communities offer early warning information or come under attack.</p>
<p>This would increase the likelihood of reporting incidents to security forces, decrease the likelihood of civilians paying ransom, and make criminal abduction for ransom less lucrative. However, all these require political will, which appears to be lacking.</p><img src="https://counter.theconversation.com/content/166997/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Sallek Yaks Musa does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The atrocities and motivation of bandits have assumed insurgent-type criminality. But the Nigerian government is reluctant to label them terrorists or insurgents.Sallek Yaks Musa, Lecturer, University of JosLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1639772021-07-07T06:09:00Z2021-07-07T06:09:00ZHolding the world to ransom: the top 5 most dangerous criminal organisations online right now<figure><img src="https://images.theconversation.com/files/410078/original/file-20210707-27-16ysofm.jpeg?ixlib=rb-1.1.0&rect=62%2C44%2C5928%2C3943&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p><em>On the internet, nobody knows you’re a dog!</em></p>
<p>These words from Peter Steiner’s <a href="https://www.washingtonpost.com/blogs/comic-riffs/post/nobody-knows-youre-a-dog-as-iconic-internet-cartoon-turns-20-creator-peter-steiner-knows-the-joke-rings-as-relevant-as-ever/2013/07/31/73372600-f98d-11e2-8e84-c56731a202fb_blog.html">famous cartoon</a> could easily be applied to the recent <a href="https://www.nzherald.co.nz/nz/worldwide-ransomware-attack-st-peters-college-and-10-other-schools-hit-by-us-cyber-attack/JACHAD3OPGUOF7ZIF4PJXDPICA/">ransomware attack</a> on Florida-based software supplier Kaseya.</p>
<p>Kaseya provides software services to thousands of clients around the world. It’s estimated between <a href="https://www.itnews.com.au/news/kaseya-boss-says-up-to-1500-businesses-affected-by-ransomware-attack-566942">800 and 1,500 medium to small businesses</a> may be impacted by the attack, with the hackers demanding US$50 million
(<a href="https://thewest.com.au/news/crime/ransomware-hackers-lower-demand-to-us50m-c-3320330">lower than the previously reported US$70 million</a>) in exchange for restoring access to data being held for ransom.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1412336467490209796"}"></div></p>
<p>The global ransomware attack has been <a href="https://www.cbsnews.com/news/kaseya-atttack-biggest-known-ransomware/">labelled</a> the biggest on record. Russian cybercriminal organisation REvil is the alleged culprit. </p>
<p>Despite its notoriety, nobody really knows what REvil is, what it’s capable of or why it does what they does — apart from the immediate benefit of huge sums of money. Also, ransomware attacks often involve vast distributed networks, so it’s not even certain the individuals involved would <a href="https://theconversation.com/inside-a-ransomware-attack-how-dark-webs-of-cybercriminals-collaborate-to-pull-them-off-163015">know each other</a>.</p>
<p>Ransomware attacks are <a href="https://theconversation.com/the-increase-in-ransomware-attacks-during-the-covid-19-pandemic-may-lead-to-a-new-internet-162490">growing exponentially</a> in size and ransom demand — changing the way we operate online. Understanding who these groups are and what they want is critical to taking them down.</p>
<p>Here, we list the top five most dangerous criminal organisations currently online. As far as we know, these rogue groups aren’t backed or <a href="https://cybernews.com/editorial/the-worlds-most-dangerous-state-sponsored-hacker-groups/">sponsored by any state</a>.</p>
<h2>DarkSide</h2>
<p>DarkSide is the group behind the <a href="https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password">Colonial Pipeline</a> ransom attack in May, which shut down the US Colonial Pipeline’s fuel distribution network, triggering gasoline shortage concerns.</p>
<p>The group seemingly first emerged in August last year. It targets <a href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">large companies</a> that will suffer from any disruption to their services — a key factor, as they’re then more likely to pay ransom. Such companies are also more likely to have <a href="https://www.reuters.com/technology/after-colonial-attack-energy-companies-rush-secure-cyber-insurance-2021-05-28/">cyber insurance</a> which, for criminals, means easy moneymaking. </p>
<p>DarkSide’s business model is to offer a <a href="https://securityboulevard.com/2021/05/darkside-offered-ransomware-as-a-service-before-pipeline-attack/">ransomware service</a>. In other words, it carries out ransomware attacks on behalf of other, hidden perpetrator/s so they can lessen their liability. The executor and perpetrator then share profits. </p>
<p>Groups that offer cybercrime-as-a-service also provide online forum communications to support others who may want to improve their cybercrime skills. </p>
<p>This might involve teaching someone how to combine <a href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">distributed denial-of-service (DDoS) and ransomware</a> attacks, to put extra pressure on negotiations. The ransomware would prevent a business from working on past and current orders, while a DDoS attack would block any new orders. </p>
<h2>REvil</h2>
<p>The ransomware-as-a-service group REvil is currently making headlines due to the ongoing Kaseya incident, as well as another recent attack on <a href="https://www.zdnet.com/article/fbi-attributes-jbs-ransomware-attack-to-revil/">global meat processing company JBS</a>. This group has been particularly active in 2020-2021. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/409893/original/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/409893/original/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=281&fit=crop&dpr=1 600w, https://images.theconversation.com/files/409893/original/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=281&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/409893/original/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=281&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/409893/original/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=354&fit=crop&dpr=1 754w, https://images.theconversation.com/files/409893/original/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=354&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/409893/original/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=354&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">REvil’s HappyBlog web site showing US$70m ransom demand.</span>
<span class="attribution"><span class="source">Author provided</span></span>
</figcaption>
</figure>
<p>In April, REvil stole technical data on unreleased Apple products from Quanta Computer, a Taiwanese company that assembles Apple laptops. A <a href="https://www.theguardian.com/technology/2021/apr/22/ransomware-hackers-steal-plans-upcoming-apple-products">ransom of US$50 million</a> was demanded to prevent public release of the stolen data. It hasn’t been revealed whether or not this money was paid.</p>
<h2>Clop</h2>
<p>The ransomware <a href="https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/">Clop</a> was created in 2019 by a financially-motivated group responsible for yielding <a href="https://krebsonsecurity.com/2021/06/ukrainian-police-nab-six-tied-to-clop-ransomware/">half a billion US dollars</a>. </p>
<p>The Clop group’s speciality is “double-extortion”. This involves targeting organisations with ransom money in exchange for a decryption key that will restore the organisation’s access to stolen data. However, targets will then have to pay extra ransom to not have the data released publicly.</p>
<p>Historical examples reveal that organisations which pay a ransom once are more likely to pay again in the future. So hackers will tend to target the same organisations again and again, asking for more money each time. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/409895/original/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/409895/original/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=563&fit=crop&dpr=1 600w, https://images.theconversation.com/files/409895/original/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=563&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/409895/original/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=563&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/409895/original/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=708&fit=crop&dpr=1 754w, https://images.theconversation.com/files/409895/original/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=708&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/409895/original/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=708&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">ClopLeaks website showing directly downloadable ransom files.</span>
<span class="attribution"><span class="source">Author provided</span></span>
</figcaption>
</figure>
<h2>Syrian Electronic Army</h2>
<p>Far from a typical cybercrime gang, the Syrian Electronic Army has been launching online attacks since 2011 to promote political propaganda. With this motive, they have been dubbed a <a href="https://www.akamai.com/uk/en/resources/syrian-electronic-army.jsp">hactivist</a> group.</p>
<p>While the group has <a href="https://opennet.net/emergence-open-and-organized-pro-government-cyber-attacks-middle-east-case-syrian-electronic-army">links</a> with Bashar al-Assad’s regime, it’s more likely made up of <a href="https://cvir.st-andrews.ac.uk/articles/10.15664/jtr.1294/">online vigilantes</a> trying to be <a href="https://opencanada.org/new-face-syrian-electronic-army/">media auxiliary</a> for the Syrian army.</p>
<p>Their technique is to distribute <a href="https://www.bbc.com/news/world-middle-east-22287326">fake news</a> through reputable sources. In 2013, a single tweet sent by them from the official account of the Associated Press, the world’s leading news agency, had the effect of <a href="https://www.washingtonpost.com/news/worldviews/wp/2013/04/23/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism/">wiping billions</a> from the stock market. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/409836/original/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/409836/original/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=301&fit=crop&dpr=1 600w, https://images.theconversation.com/files/409836/original/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=301&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/409836/original/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=301&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/409836/original/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=378&fit=crop&dpr=1 754w, https://images.theconversation.com/files/409836/original/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=378&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/409836/original/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=378&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The fake AP tweet from the Syrian Electronic Army.</span>
<span class="attribution"><span class="source">www.theatlantic.com/</span></span>
</figcaption>
</figure>
<p>The Syrian Electronic Army exploits the fact that most people online have a tendency to interpret and react to content with an implicit sense of trust. And they’re a prime example of how the <a href="https://www.tandfonline.com/doi/full/10.1080/17440572.2012.759508?casa_token=8oYWCR5Hos4AAAAA%3Adkm-B8CSG9cg9d6GrvxHY0uGqzzxuD9jeSX43_DsIGkcAz1y-iStjCkWjTipxFcaNO0X9vldSJZLfoQ">boundaries</a> between crime and terror groups online are less distinct than in the physical world.</p>
<h2>FIN7</h2>
<p>If this list could contain a “super villain”, it would be FIN7. Another Russian-based group, FIN7 is arguably the most <a href="https://www.wired.com/story/fin7-carbanak-hacking-group-behind-a-string-of-big-breaches/">successful</a> online criminal organisation of all time. Operating since 2012, it mainly works as a <a href="https://geminiadvisory.io/fin7-syndicate-hacks-saks-fifth-avenue-and-lord-taylor/">business</a>. </p>
<p>Many of its operations have been undetected for years. Its data breaches have exploited <a href="https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html">cross-attack</a> scenarios, wherein the data breach serves multiple purposes. For example, it may enable extortion through ransom while also allowing the attacker to use data against victims, such as by reselling it to a third party. </p>
<p>In early 2017, FIN7 was alleged to be behind an attack targeting <a href="https://www.scmagazine.com/home/security-news/network-security/fin7-spearphishing-campaign-targets-sec-filings/">companies providing filings</a> to the US Security and Exchange Commission. This confidential information was exploited and used to obtain ransom which was then invested on the stock exchange. </p>
<p>As such, the groups made huge sums of money by trading on confidential information. The <a href="https://www.amf-france.org/sites/default/files/2020-02/study-stock-market-cybercrime-_-definition-cases-and-perspectives.pdf">insider trading</a> scheme facilitated by hacking went on for many years — which is why it’s not possible to quantify the exact amount of economic damage. But it’s estimated to be well over US$1 billion.</p>
<h2>Organised crime vs organised criminals</h2>
<p>When it comes to complex criminal organisations, <a href="https://attack.mitre.org/techniques/enterprise/">techniques</a> <a href="https://www.trendmicro.com/vinfo/au/security/news/cybercrime-and-digital-threats/ransomware-double-extortion-and-beyond-revil-clop-and-conti">evolve</a> and <a href="https://link.springer.com/article/10.1007/s12117-018-9342-y">motives</a> vary.</p>
<p>The way they organise themselves and commit crimes online is <a href="https://link.springer.com/article/10.1007/s12117-020-09397-5">very different</a> from your local offline gang. Ransomware can be launched from anywhere in the world, so it’s very difficult to prosecute these criminals. Matters are made even more complicated when several parties coordinate across borders.</p>
<p>It’s no wonder the challenge for law enforcement agencies is significant. It’s crucial that authorities investigating an attack are sure it was indeed perpetrated by who they suspect. But to know this, they need all the help they can get. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/nothing-like-the-mafia-cybercriminals-are-much-like-the-everyday-poorly-paid-business-worker-150953">Nothing like the mafia: cybercriminals are much like the everyday, poorly paid business worker</a>
</strong>
</em>
</p>
<hr>
<img src="https://counter.theconversation.com/content/163977/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The recent attack on software supplier Kaseya has been labelled as the biggest global ransomware attack on record.Roberto Musotto, Research fellow, Edith Cowan UniversityBrianna O'Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan UniversityPaul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1613832021-05-26T12:13:17Z2021-05-26T12:13:17ZColonial Pipeline forked over $4.4M to end cyberattack – but is paying a ransom ever the ethical thing to do?<figure><img src="https://images.theconversation.com/files/402686/original/file-20210525-19-16a6rzj.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6000%2C3997&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">What would happen if companies stopped paying ransoms?</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/photo-taken-on-may-11-2021-shows-a-colonial-pipeline-news-photo/1233000644?adppopup=true">Liu Jie/Xinhua via Getty Images</a></span></figcaption></figure><p>It took little over two hours for hackers to <a href="https://cybernews.com/editorial/darkside-strives-for-ethical-hacking-after-hitting-a-vital-fuel-pipeline-in-the-us/">gain control</a> of more than 100 gigabytes of information from Colonial Pipeline on May 7, 2021 – causing the firm to shut down its fuel distribution network and sparking widespread <a href="https://morningconsult.com/2021/05/19/gasoline-shortage-polling/">fears</a> of a gasoline shortage. The decision to pay off the attackers was also <a href="https://www.washingtonpost.com/business/2021/05/19/colonial-pipeline-ransom-joseph-blunt/">made with apparent speed</a>, but the ethical arguments involved are age old and the implications could reverberate well into the future.</p>
<p>Cyberattacks, including those on <a href="https://www.cisa.gov/critical-infrastructure-sectors">critical infrastructure</a> in the U.S., are nothing new. Ransomware, a type of <a href="http://dx.doi.org/10.2139/ssrn.3746754">malicious software</a> that locks access to a computer until a ransom is paid, has been a component of the cyberthreat landscape since the mid-2000s. But the Colonial Pipeline breach raised the stakes and highlighted the ability of ransomware to interrupt the vital services on which Americans rely.</p>
<p>As scholars of <a href="https://scholar.google.com/citations?user=YtgRGx0AAAAJ&hl=en">cybersecurity policy</a>, in particular <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2978305">critical infrastructure protection</a> and <a href="https://www.govtech.com/security/deal-with-ransomware-the-way-police-deal-with-hostage-situations.html">ransomware</a>, we think it important to consider the legal and ethical questions surrounding ransomware payments – just because paying off cyberattackers may be lawful in some contexts, that still doesn’t make it the morally correct thing to do.</p>
<h2>To pay or not to pay</h2>
<p>It has been widely reported that the Colonial Pipleline CEO <a href="https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636">Joseph Blount agreed</a> to pay a US$4.4 million ransom to <a href="https://www.bbc.com/news/business-57050690">DarkSide</a>, the Russia-based group behind the cyber attack. </p>
<p>In describing his decision, which he said did not come lightly, <a href="https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636">Blount argued that it was justifiable</a> given that it was “the right thing to do for the country.”</p>
<p>Official guidance suggests otherwise. In October 2020, the Treasury Department <a href="https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf">warned that ransomware payments are a violation of its rules</a> and would only encourage future demands. Although there is no federal legislation, such states as California, Texas and Michigan have <a href="https://www.ibrc.indiana.edu/studies/State-of-Hoosier-Cybersecurity-2020.pdf">cyber-extortion laws</a> on the books that discourage ransomware payments.</p>
<p>Often, though, the decision of whether to pay falls in a legal and ethical gray area.</p>
<p>CEOs can turn to three main schools of ethics in guiding decisions about whether to pay ransoms based on virtues, duties and consequences. </p>
<p>Under <a href="https://plato.stanford.edu/entries/ethics-virtue/">virtue ethics</a>, which traces its origins to philosophers Plato, Aristotle and Confucius, people make decisions based on a set of virtues or character traits such as honesty and loyalty. In and of itself, the tradition does not help in situations that require weighing one virtue against another, such as not wishing to reward criminal activity against preventing disruption to the wider American public. For example, Colonial Pipeline CEO Blount <a href="https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636">expressed a moral distaste</a> in paying “people like this,” but ultimately decided to override that concern based on other factors. </p>
<p>Another way to approach challenging ethical decisions is through what is called the <a href="https://plato.stanford.edu/entries/ethics-deontological/">deontological approach</a>, which holds that actions are good or bad determined by a clear set of rules. So another way to come at the question of whether to pay a ransom is to ask, “How does doing so align with recognized universal duties?”</p>
<p>The problem with cybersecurity is that, given the rapidly changing technological and regulatory environment, it is not always clear what the “golden rules” are, or even if any have been established. Some business leaders may even perceive a duty to pay as Blount did, especially in the case of critical infrastructure such as pipelines on which so many people rely. </p>
<p>The ethics of ransomware payments can also be viewed through the consequences of the decision to yourself, your family, your ganization and, as Blount suggested, the country and the world. <a href="https://plato.stanford.edu/entries/utilitarianism-history/">Utilitarian philosophers</a> hold that what is important is promoting the greatest good for the greatest number of people. </p>
<p>This is often described in boardrooms and policy circles as cost-benefit analysis. Yet it’s not always clear where to put that next dollar of investment to maximize the good and minimize the harm in the long term. In dealing with ransomware, for example, backing up data is key, as is practicing <a href="https://theconversation.com/zero-trust-security-assume-that-everyone-and-everything-on-the-internet-is-out-to-get-you-and-maybe-already-has-160969">zero-trust security</a>, an approach in which companies assume that their networks are already compromised and act accordingly. But doing so can be complex, and investments might cause fewer benefits than if the money were invested elsewhere.</p>
<h2>Pros of paying</h2>
<p>In practice, business leaders use all these ethical tools, and more, in deciding whether or not to pay – and there isn’t much time to weigh the options. Colonial Pipeline CEO Blount’s decision reportedly <a href="https://www.washingtonpost.com/business/2021/05/19/colonial-pipeline-ransom-joseph-blunt/">came almost immediately</a>. </p>
<p>And it isn’t universally accepted that Colonial Pipeline came to the right decision.</p>
<p>Some cybersecurity professionals want to ban paying out ransoms to <a href="https://www.washingtonpost.com/politics/2021/05/21/cybersecurity-202-cybersecurity-pros-are-split-banning-ransomware-payments/">halt the growing problem of malware attacks for profit</a>. Others say banning payments would be a “<a href="https://www.bbc.com/news/technology-57173096">horrific game of chicken</a>” in which cyberattackers up the stakes until the consequences of not breaking the law are greater for the companies involved than the impact of the breach. And banning ransom payments outright would place an impossible burden on smaller businesses or organizations that do not have the resources to protect against malicious actors. </p>
<p>The thinking behind banning payments is that attacks might stop if they don’t yield payments. Yet if the attack has the capability of paralyzing an entire entity, paying up is often the <a href="https://www.bbc.com/news/technology-57173096">economically rational decision in the short term</a>. An attack on the Irish Healthcare System in May, for example, is expected to cost <a href="https://www.nytimes.com/2021/05/20/technology/ransomware-attack-ireland-hospitals.html">tens of millions of euros to rebuild the network</a>. Cybersecurity experts estimate that companies hit by attacks take an average of <a href="https://www.washingtonpost.com/technology/2021/05/15/ransomware-colonial-darkside-cyber-security/">287 days to fully recover to normal operations </a>.</p>
<p>[<em>Understand new developments in science, health and technology, each week.</em> <a href="https://theconversation.com/us/newsletters/science-editors-picks-71/?utm_source=TCUS&utm_medium=inline-link&utm_campaign=newsletter-text&utm_content=science-understand">Subscribe to The Conversation’s science newsletter</a>.]</p>
<h2>Ransomware as a service</h2>
<p>The rapid proliferation of attacks has been fueled by a new business model known as “ransomware as a service.” Ransomware developers sell personalized variants to “<a href="https://us-cert.cisa.gov/ncas/alerts/aa21-131a">affiliates</a>” – cybercriminals who deploy the <a href="https://us-cert.cisa.gov/ncas/alerts/aa21-131a">ransomware</a>.</p>
<p>With the emergence of ransomware as a service, ransomware can be profitable for both the developers of the variant and the affiliates.</p>
<p>Not all affiliates and ransomware developers are governed by the same moral code. DarkSide, which conducted the Colonial Pipeline attack, has its own set of principles, which include not attacking certain targets, such as <a href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">medical services, the educational establishment and nonprofit organizations</a>. </p>
<p>DarkSide has also been known to promise it will completely leave a network alone after <a href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/">ransom is paid</a>. </p>
<p>The FBI discourages payment, partly on the grounds that it is not a guarantee that a company will not be hit again.</p>
<p>But the message is mixed. Law enforcement agencies encourage victims not to pay, but paying ransom is not illegal, and even <a href="https://www.darkreading.com/attacks-breaches/police-pay-off-ransomware-operators-again/d/d-id/1319918">police departments</a> have been known to pay up when their systems have been compromised. And while the Treasury Department has been investigating new financial penalties against payment of ransoms, <a href="https://www.washingtonpost.com/technology/2021/05/15/ransomware-colonial-darkside-cyber-security/">to date none have been levied</a>. </p>
<p>But even without the threat of legal sanction, payment of ransomware will continue to pose a moral dilemma.</p><img src="https://counter.theconversation.com/content/161383/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Scott Shackelford is a principal investigator on grants from the Hewlett Foundation, Indiana Economic Development Corporation, and the Microsoft Corporation supporting both the Ostrom Workshop Program on Cybersecurity and Internet Governance and the Indiana University Cybersecurity Clinic.
</span></em></p><p class="fine-print"><em><span>Megan Wade is affiliated with the Ostrom Workshop for Cybersecurity and Internet Governance at Indiana University.</span></em></p>The FBI and Treasury Department frown on the idea of paying off cyber attackers. But there is sufficient ethical and legal gray areas to make it a real moral quandary for business leaders.Scott Shackelford, Associate Professor of Business Law and Ethics; Executive Director, Ostrom Workshop; Cybersecurity Program Chair, IU-Bloomington, Indiana UniversityMegan Wade, Research Affiliate at the Ostrom Workshop for Cybersecurity and Internet Governance, Indiana UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1270322019-11-18T14:28:00Z2019-11-18T14:28:00ZFighting piracy in the Gulf of Guinea needs a radical rethink<figure><img src="https://images.theconversation.com/files/301921/original/file-20191115-66945-1tojfeo.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Ivorian sailors participate in an anti-piracy hostage rescue scenario with the Ghanaian Navy during Exercise Obangame Express. </span> <span class="attribution"><span class="source">Wikimedia Commons</span></span></figcaption></figure><p>The Bonita had been anchored off Benin for several days, waiting for a berth in the port of Cotonou. On November 2, 2019 the crew had a traumatic awakening. Armed men boarded the vessel and <a href="https://beninwebtv.com/en/2019/11/benin-09-persons-kidnapped-in-a-ship-attack-at-cotonou-port/">kidnapped nine crew members</a>. Only two days later, <a href="https://www.dw.com/en/pirates-attack-greek-oil-tanker-off-togo/a-51108398">four seafarers were kidnapped</a> from the Elka Aristotle, which was anchored off Lomé in neighbouring Togo.</p>
<p>Unfortunately, these were not the only attacks off the coast of West Africa in which seafarers were kidnapped. Nevertheless, the patterns are changing, with <a href="https://riskintelligence.eu/articles/long-term-perspective-west-africa-and-gulf-guinea-piracy">gradual signs of improvement</a>. In addition, attacker success rates in the region have declined from <a href="https://riskintelligence.eu/articles/long-term-perspective-west-africa-and-gulf-guinea-piracy">80% over ten years ago to just under 50% in 2018</a>.</p>
<p>Another change has been the fact that attacks have become more visible. This is at least partly due to increased cooperation among countries in West and Central Africa. They adopted the <a href="http://www.imo.org/en/OurWork/Security/WestAfrica/Documents/code_of_conduct%20signed%20from%20ECOWAS%20site.pdf">Yaoundé Code of Conduct</a> in 2013, aimed at fighting illicit activities at sea. Implementation has been slow, yet navies and maritime agencies in the region have become much more active in collecting relevant information.</p>
<p>Based on my research into maritime security in the region, I have become increasingly convinced that sustainable improvements are impossible when the focus is solely on piracy. In many cases, kidnappings of seafarers are an extension of land-based problems – such as fuel smuggling and illegal migration – and have to be tackled as such.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/african-states-dont-prioritise-maritime-security-heres-why-they-should-77685">African states don't prioritise maritime security – here's why they should</a>
</strong>
</em>
</p>
<hr>
<p>In my view, <a href="https://www.bimco.org/news/priority-news/20190108-call-for-gog-counter-piracy">demands by the shipping industry</a> for international navies to become more involved in counter-piracy operations won’t lead to lasting solutions. These can only be successful if they are designed based on regional requirements and take on board regional initiatives aimed at tackling a multiplicity of social problems, rather than just one.</p>
<h2>Links to crime on land</h2>
<p>High-profile attacks – such as the recent kidnappings – are generally carried out by criminal groups based in Nigeria’s Niger Delta region. </p>
<p><a href="https://theconversation.com/what-nigeria-must-do-to-deal-with-its-ransom-driven-kidnapping-crisis-116547">Kidnappings on land have been a long-standing problem</a> for security forces there. Collecting ransoms has become a lucrative business model which requires foot soldiers, access to camps for holding hostages, and negotiators with the necessary skills. All these things can be found in the Niger Delta, where the lines between armed insurgents and organised criminals are often fluid. </p>
<p>For countries like Benin, Togo and Cameroon where Nigeria-based criminals have taken hostages from merchant ships this year, the situation is a concern. Ports in these countries are crucial for economic growth and development in terms of customs revenues. For example, <a href="https://www.mcc.gov/resources/story/story-story-kin-apr-2015-unlocking-a-regional-trade-bottleneck-in-benin">more than 40%</a> of Benin’s government revenues are collected in Cotonou’s port. Ensuring adequate security for maritime trade is therefore a strategic concern in Benin. Hence the government’s <a href="http://www.xinhuanet.com/english/2019-11/07/c_138536961.htm">quick announcement</a> of improved security measures for ships anchoring off Cotonou.</p>
<p>Most kidnappings still take place off the Nigerian coastline. The established pattern is one of hostages being taken and then released several weeks later for a ransom payment. This is according <a href="https://riskintelligence.eu/articles/long-term-perspective-west-africa-and-gulf-guinea-piracy">to analysis done</a> by the Danish security intelligence company Risk Intelligence.</p>
<p>The fact that there are more cases off the Nigerian coastline points to my contention that this criminal behaviour is closely linked to land-based criminal activities – such as fuel smuggling – which is <a href="https://www.dw.com/en/tracing-the-flow-of-nigerias-stolen-oil-to-cameroon/a-45918707">widespread in the area</a>.</p>
<p>When such incidents are analysed through a narrow piracy lens, efforts of navies and law enforcement agencies -– which are already suffering from a lack of resources –- are likely to be misguided. The narrow view might mistakenly focus, for example, on the capacity to respond at sea.</p>
<p>The problem of wrong analyses is made worse by international actors, for example the US and European governments, the European Union or international organisations. They often put a strong emphasis on combating piracy and provide financial or technical assistance to partners in West and Central Africa. But they rarely focus on illegal fishing, fuel smuggling or illegal migration. All these activities have been linked to attacks against merchant ships or fishing vessels. </p>
<h2>Broader understanding needed</h2>
<p>Fighting piracy in the Gulf of Guinea requires a broad understanding of maritime security. Acknowledging links between, for example, piracy and illegal fishing is vital for regional governments and external partners. On the most basic level, illegal fishing destroys fishers’ livelihoods, forcing some into piracy simply to earn an income. </p>
<p>A good example is the EU’s contradictory stance. On the one hand, it provides <a href="https://eeas.europa.eu/headquarters/headquarters-homepage/52490/eu-maritime-security-factsheet-gulf-guinea_en">€29 million</a> to support West Africa’s Integrated Maritime Security project. On the other hand, EU countries <a href="https://theconversation.com/eu-targets-fragile-west-african-fish-stocks-despite-protection-laws-125679">contribute to the depletion of fish stocks across West Africa</a>. </p>
<p>Countries around the Gulf of Guinea also have to <a href="https://theconversation.com/african-states-dont-prioritise-maritime-security-heres-why-they-should-77685">increase their efforts</a>. Laws regulating maritime operations are often deliberately opaque, disguising a lack of enforcement capacity and enabling corruption. Increasing transparency would highlight shortcomings and problems caused by insecurity at sea –- somewhat embarrassing for any government, but necessary to address these issues.</p>
<p>Recent efforts in Nigeria, including a large conference in October that led <a href="https://globalmaritimesecurityconf.com/2019/10/11/communique-for-the-global-maritime-security-conference-2019/">to the Abuja Declaration</a>, are a step in the right direction. The declaration highlighted shortcomings of countries around the Gulf of Guinea related to ocean governance and law enforcement at sea. Concrete actions have to follow.</p>
<p>More transparency could also help to improve relationships between the maritime industry and security agencies in the region. Lack of trust and limited cooperation have often hindered thorough investigations, feeding a simple narrative of piracy without a broader look at other maritime security challenges.</p><img src="https://counter.theconversation.com/content/127032/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Dirk Siebels works as a Senior Analyst for Risk Intelligence, specialising in maritime security issues in sub-Saharan Africa, primarily in West and Central Africa.</span></em></p>Feeding a simple narrative of piracy without a broader look at other maritime security challenges hinders progress in dealing with it.Dirk Siebels, PhD (Maritime Security), University of GreenwichLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1261902019-11-11T01:57:03Z2019-11-11T01:57:03ZHackers are now targeting councils and governments, threatening to leak citizen data<figure><img src="https://images.theconversation.com/files/299648/original/file-20191031-28972-148wkim.jpg?ixlib=rb-1.1.0&rect=119%2C17%2C3874%2C2221&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Ransomware attacks are becoming increasingly complex, as hackers find creative ways to beat ordinary systems of defence. </span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/christiaancolen/33904011110/in/photostream/">christiaancolen/flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>In recent weeks, <a href="https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/">Johannesburg’s computer network was held for ransom</a> by a hacker group called Shadow Kill Hackers. This was the <a href="https://www.bbc.com/news/technology-49125853">second time</a> in three months a ransomware attack has hit South Africa’s largest city. This time, however, hackers didn’t pose the usual threat. </p>
<p>Rather than denying the city <a href="https://www.hkcert.org/ransomware.hk/ransomware-basic.html">access to its data</a>, the standard blackmail in a ransomware attack, they threatened to publish it online. This style of attack, known as <a href="https://en.wikipedia.org/wiki/Ransomware#Leakware_(also_called_Doxware)">leakware</a>, allows hackers to target more victims in a single attack – in this case the city’s citizens.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/what-is-ransomware-and-how-to-protect-your-precious-files-from-it-54048">What is ransomware and how to protect your precious files from it</a>
</strong>
</em>
</p>
<hr>
<p>The latest Johannesburg attack was the second leakware attack of this type ever recorded, and a similar attack could hit Australia soon. And although our current cyberattack defences are more advanced than many countries, we could be taken by surprise because of the unique way leakware operates. </p>
<h2>A new plan of attack</h2>
<p>During the Johannesburg attack, city employees received a computer message saying hackers had “compromised all passwords and sensitive data such as finance and personal population information”. In exchange for not uploading the stolen data online, destroying it and revealing how they executed the breach, the hackers demanded four bitcoins (worth about A$52,663) - “a small amount of money” for a vast city council, they said. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=474&fit=crop&dpr=1 600w, https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=474&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=474&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=595&fit=crop&dpr=1 754w, https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=595&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=595&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The hacker group operated a Twitter account, on which they posted a photo showing the directories they had access to.</span>
<span class="attribution"><span class="source">ShadowKillGroup/twitter</span></span>
</figcaption>
</figure>
<p>In this case, access to data was not denied. But the threat of releasing data online can put enormous pressure on authorities to comply, or they risk releasing citizens’ sensitive information, and in doing so, betraying their trust. </p>
<p>The city of Johannesburg decided <a href="https://coingeek.com/we-shall-not-pay-the-ransom-johannesburg-tells-hackers/">not to pay the ransom</a> and to restore systems on its own. Yet we don’t know whether the data has been released online or not. The attack suggests cybercriminals will continue to experiment and innovate in a bid to defeat current prevention and defence measures against leakware attacks.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">This login screen message was displayed on computers in Johannesburg following the attack.</span>
<span class="attribution"><span class="source">pule_madumo/twitter</span></span>
</figcaption>
</figure>
<p>Another notable leakware attack happened a decade ago against the US state of Virginia. <a href="https://www.govtech.com/security/Cyber-Criminal-Demands-10-Million.html">Hackers stole</a> prescription drug information from the state and tried obtaining a ransom by threatening to either release it online, or sell it to the highest bidder. </p>
<h2>When to trust the word of a cybercriminal?</h2>
<p>Ransomware attack victims face two options: <a href="https://www.sciencedirect.com/science/article/pii/S1361372316300367">pay, or don’t pay</a>. If they choose the latter, they need to try other methods to recover the data being kept from them. </p>
<p>If a ransom is paid, criminals will often decrypt the data as promised. They do this to encourage compliance in future victims. That said, paying a ransom <a href="https://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/">doesn’t guarantee the release or decryption of data</a>. </p>
<p>The type of attack experienced in Johannesburg poses a new incentive for criminals. Once the attackers have stolen the data, and have been paid the ransom, the data still has extractive value to them. This gives them <a href="https://arxiv.org/pdf/1707.06247.pdf">duelling incentives</a> about whether to publish the data or not, as publishing it would mean they could continue to extort value from the city by targeting citizens directly. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/ransomware-attacks-on-cities-are-rising-authorities-must-stop-paying-out-122347">Ransomware attacks on cities are rising – authorities must stop paying out</a>
</strong>
</em>
</p>
<hr>
<p>In cases where victims decide not to pay, the solution so far has been to have strong, separate and updated <a href="https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html">data backups</a>, or use one of <a href="https://www.nomoreransom.org/en/index.html">the passkeys available online</a>. Passkeys are decryption tools that help regain access to files once they’ve been held at ransom, by applying a repository of keys to unlock the most common types of ransomware. </p>
<p>But these solutions don’t address the negative outcomes of leakware attacks, because the “<a href="https://www2.deloitte.com/content/dam/Deloitte/bm/Documents/risk/cayman-islands/2017%20Deloitte%20-%20Taking%20data%20hostage%20-%20The%20rise%20of%20ransomware.PDF">hostage</a>” data is not meant to be released to the victim, but to the public. In this way, criminals manage to innovate their way out of being defeated by backups and decryption keys. </p>
<h2>The traditional ransomware attack</h2>
<p>Historically, <a href="https://www.techopedia.com/definition/4337/ransomware">ransomware attacks denied users access to their data, systems or services</a> by locking them out of their computers, files or servers. This is done through obtaining passwords and login details and changing them fraudulently through the process of <a href="https://en.wikipedia.org/wiki/Phishing">phishing</a>. </p>
<p>It can also be done by encrypting the data and converting it to a format that makes it inaccessible to the original user. In such cases, criminals contact the victim and pressure them into paying a ransom in exchange for their data. The criminal’s success depends on both the value the data holds for the victim, and the victim’s inability to retrieve the data from elsewhere. </p>
<p>Some cybercriminal groups have even developed complex online “<a href="https://www.computerworld.com/article/3173698/ransomware-customer-support-chat-reveals-criminals-ruthlessness.html">customer support</a>” assistance channels, to help victims buy cryptocurrency or otherwise assist in the process of paying ransoms. </p>
<h2>Trouble close to home</h2>
<p>Facing the risk of losing sensitive information, companies and governments often pay ransoms. This is <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">especially true</a> in Australia. Last year, 81% of Australian <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">companies</a> that experienced a cyberattack were held at ransom, and 51% of these paid.</p>
<p>Generally, paying tends to <a href="http://www.rmmagazine.com/2016/05/02/ransomware-attacks-pose-growing-threat/">increase the likelihood</a> of future attacks, extending vulnerability to more targets. This is why ransomware is a rising global threat. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/when-it-comes-to-ransomware-its-sometimes-best-to-pay-up-78036">When it comes to ransomware, it's sometimes best to pay up</a>
</strong>
</em>
</p>
<hr>
<p>In the first quarter of 2019, <a href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf">ransomware attacks went up by 118%</a>. They also became more targeted towards governments, and the healthcare and legal sectors. Attacks on these sectors are now more lucrative than ever. </p>
<p>The threat of leakware attacks is increasing. And as they become more advanced, Australian city councils and organisations should adapt their defences to brace for a new wave of sophisticated onslaught. </p>
<p>As history has taught us, it’s <a href="https://www.theguardian.com/australia-news/2019/oct/01/systems-shut-down-in-victorian-hospitals-after-suspected-cyber-attack">better to be safe</a> than sorry.</p><img src="https://counter.theconversation.com/content/126190/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Roberto Musotto received funding from H2020. He is affiliated with the Cyber Security Research Cooperative Centre (CSCRC). </span></em></p><p class="fine-print"><em><span>Brian Nussbaum is an assistant professor at the College of Emergency Preparedness, Homeland Security and Cybersecurity (CEHC) at the University at Albany, a cybersecurity fellow with the think tank New America, and an affiliate scholar with the Center for Internet and Society (CIS) at Stanford Law School.</span></em></p>A recent leakware attack targeting Johannesburg was the second of its kind ever recorded. Hackers demanded A$52,663 worth of bitcoins, in return for not releasing senstivie civilian information.Roberto Musotto, Cyber Security Cooperative Research Centre Postdoctoral Fellow, Edith Cowan UniversityBrian Nussbaum, Assistant Professor at College of Emergency Preparedness, Homeland Security and Cybersecurity, University at Albany, State University of New YorkLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1165472019-05-20T13:44:57Z2019-05-20T13:44:57ZWhat Nigeria must do to deal with its ransom-driven kidnapping crisis<figure><img src="https://images.theconversation.com/files/274357/original/file-20190514-60529-hpe03j.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Nigerians living in Spain rally against Boko Haram insurgents who abducted over 200 girls from a school in Chibok, northeast of the country. </span> </figcaption></figure><p>Frequent acts of violent crime have grown to form a major threat to Nigeria’s <a href="http://www.iosrjournals.org/iosr-jhss/papers/Vol20-issue1/Version-4/K2014123133.pdf">national security</a>. These include instances of militancy, insurgency and banditry. Banditry includes cattle rustling, armed robbery and kidnapping for ransom. </p>
<p>Kidnapping has remained the most virulent form of banditry in Nigeria. It has become the most pervasive and intractable violent crime in the country. </p>
<p>Kidnapping can be targeted at individuals or at groups. School children have been kidnapped in groups in various parts of Nigeria. Usually, the prime targets of kidnapping for ransom are those considered to be wealthy enough to pay a fee in exchange for being freed. </p>
<p><a href="https://knoema.com/atlas/Nigeria/Kidnapping-rate">Kidnapping</a> is the unlawful detention of a person through the use of force, threats, fraud or enticement. The purpose is an illicit gain, economic or material, in exchange for liberation. It may also be used to pressure someone into doing something – or not doing something.</p>
<p>Nigeria has one of the world’s <a href="https://constellis-production-tmp.s3.amazonaws.com/uploads/document/file/103/CONSTELLIS_CONFIDENTIAL_-_Global_Kidnap_for_Ransom_Report_-_May_2018.pdf">highest rates</a> of kidnap-for-ransom cases. Other countries high up on the list included Venezuela, Mexico, Yemen, Syria, the Philippines, Iraq, Afghanistan and Somalia. </p>
<p>Thousands of Nigerians have been kidnapped for ransom and other purposes <a href="https://knoema.com/atlas/Nigeria/Kidnapping-rate">over the years</a>. Kidnapping has prevailed in spite of measures put in place by the government. The Nigerian police’s anti-kidnapping squad, introduced in the 2000s, has endeavoured to stem the menace. But this been to no avail, mainly due to a lack of manpower and poor logistics. </p>
<p>In my view these efforts have also failed because of weak sanctioning and deterrence mechanisms. Kidnapping thrives in an environment that condones crime; where criminal opportunism and impunity prevail over and above deterrence. </p>
<p>This obviously calls for an urgent review of Nigeria’s current anti-kidnapping approach to make it more effective.</p>
<h2>Opportunistic and organised bandits</h2>
<p>Even prior to the advent of colonialism there were <a href="http://www.projectsxtra.com/resources/1498.html">recorded cases</a> of kidnap for rape, ritual or for other purposes in various parts of Nigeria. But kidnapping today is done primarily for ransom – either money or its material equivalent to be paid for someone’s release. The underlying logic of the kidnapping enterprise is that the victim is worth a ransom value and they or their proxy have the capacity to pay.</p>
<p>Each victim has a so-called <a href="https://iiste.org/Journals/index.php/RHSS/article/viewFile/11987/12311">“kidnap ransom value”</a> which makes them an attractive target. This value is determined by a number of factors. These include the victim’s socio-economic or political status, family or corporate premium on the victim, the type of kidnappers involved, as well as the dynamics of ransom negotiation. </p>
<p>The kidnapping business in Nigeria has been mostly perpetrated by <a href="https://allafrica.com/view/group/main/main/id/00021893.html">criminal gangs</a> and violent groups pursuing <a href="https://journals.sagepub.com/doi/full/10.1177/1461355719832619">political agendas</a>. Bandits have often taken to kidnapping for ransom to make money. The <a href="https://www.newsweek.com/nigeria-most-wanted-nigeria-evans-kidnapping-624313">escapades</a> of the famous kidnap kingpin, Evans, speak volumes of this pattern of kidnapping. Evans was a multimillionaire kidnapper who was arrested in Lagos a few years ago. He is currently is detention awaiting trial.</p>
<p>Organised violent groups such as militants and insurgents have also been involved in kidnap for ransom in Nigeria. Current trends have been <a href="http://www.projectsxtra.com/resources/1498.html">linked back</a> to the example set by Niger Delta militants who resorted to solo and group abductions as a means of generating funds both for private use and for the cause of a particular group. </p>
<p>Similarly, Boko Haram insurgents have <a href="http://venuesafrica.com/boko-haram-makes-cash-from-stolen-cattle-January">used the proceeds</a> of kidnapping to keep their insurgency afloat. The insurgents engage in single or group kidnapping as a means of generating money to fund their activities. Huge sums are often paid as ransom by the victims’ families and associates to secure their release.</p>
<p>In addition to militants and insurgents, organised local and transnational criminal syndicates have been involved. This is happening to <a href="http://www.thenewhumanitarian.org/news-feature/2018/09/13/zamfara-nigeria-s-wild-northwest">apocalyptic proportions</a> in North West Nigeria where rural bandits engage regularly in kidnapping in the states of Zamfara, Kaduna, Katsina, Kebbi and Sokoto.</p>
<h2>The cost</h2>
<p>Kidnapping has led to the loss of tens of thousands of lives and huge sums of money in Nigeria. Many of the victims of the crime have been killed in the course of their abduction, custody or release. Many more have been injured. This is in addition to huge amounts of money lost to ransom takers. </p>
<p>For the victims and their families and friends, the consequences are even more frightful. </p>
<p>Nigeria should never have got here. Kidnappers persist because the benefits of their crimes exceed the costs. So the obvious solution is to raise the costs by imposing harsher, surer penalties. The present penalty for kidnapping ranges from one to 20 years in prison, with the possibility of life imprisonment for extreme cases involving, for instance, murder. </p>
<p>Stricter measures, such as life imprisonment or the death penalty, may not be completely out of place in dealing with the kidnapping menace. After all, the crime of kidnapping is a maximum threat that requires an equally maximum deterrence.</p><img src="https://counter.theconversation.com/content/116547/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Chukwuma Al Okoli receives funding from: Tertiary Education Trust Fund, Nigeria and Council for the Development of Social Science Research in Africa (CODESRIA) </span></em></p>Kidnapping in Nigeria has blossomed into a burgeoning criminal enterprise.Al Chukwuma Okoli, Lecturer/Resident Researcher Department of Political Science, Federal University LafiaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/804872017-07-12T14:18:13Z2017-07-12T14:18:13ZNigeria won’t end kidnapping without making risks outweigh rewards<figure><img src="https://images.theconversation.com/files/176924/original/file-20170705-5202-1aw1yny.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Nigerian militants patrol the oil rich Niger delta region, the birth place of commercial kidnapping in the country.</span> <span class="attribution"><span class="source">EPA/Stringer</span></span></figcaption></figure><p>Kidnapping is an ancient crime dating back to 17th century Britain when infant children of rich families would be <a href="http://www.newworldencyclopedia.org/entry/Kidnapping">“napped” (caught in their sleep)</a> and taken away for ransom. The first major case of kidnapping reported in the US was that of four-year old <a href="http://origins.osu.edu/article/child-kidnapping-america">Charley Brewster</a> who was lured away in Pennsylvania in 1874 by two strange men with the promise of candy and fireworks. The men later sent ransom notes to the boy’s father through the post office. His father didn’t pay, the boy was never found.</p>
<p>Kidnapping has since evolved. Today it’s a well organised and highly sophisticated crime which occurs in many parts of the world. </p>
<p>In Nigeria it has <a href="http://iiste.org/Journals/index.php/RHSS/article/viewFile/11987/12311">become quite common</a>, competing with crimes such as armed robbery, piracy and cattle rustling in frequency and in violence. It has <a href="https://www.voanews.com/a/for-nigeria-criminals-kidnapping-remains-lucrative-trade/2846383.html">grown rapidly</a> over the years and is now entrenched as a dominant form of organised crime in the country. </p>
<p>The benefits of kidnapping far outweigh its costs in the country. The legal frameworks of criminal justice aren’t efficient enough to sanction crime and ensure proper deterrence. Opportunistic Nigerians rationalise that the benefits outweigh the risks. This probably explains the high incidence and apparent intractability of kidnapping in the country. </p>
<p>The <a href="http://www.vanguardngr.com/2017/06/arrested-kidnapper-evans-buys-170k-wristwatch/">recent arrest</a> of Chukwudumeme Onwuamadike (a.k.a Evans), who has become the poster boy for kidnapping in Nigeria, has once again raised questions about what lies behind the rise in cases in the country. And what can be done about it.</p>
<h2>History of kidnapping</h2>
<p><a href="http://www.academia.edu/32278765/AN_ANALYSIS_OF_THE_CAUSES_AND_CONSEQUENCES_OF_KIDNAPPING_IN_NIGERI">Early cases of kidnappings</a> in Nigeria were abductions mainly for ritual killing, slavery and forced marriage. There were also cases where individuals were abducted during communal wars and held as bait for strategic trade-offs. These types of kidnapping have been ongoing in various places in the country for years. </p>
<p>The rise of mercantilist kidnapping – or kidnap for ransom in Nigeria – is a recent development. It began in the 1990s with the activities of Niger Delta militants who engaged in hostage taking to press their demands for fiscal federalism, resource control and environmental rights for their communities polluted by decades of oil exploration. </p>
<p>The militants, who assumed the status of activists and agitators for their region, wanted to attract attention to the plight of the region and to compel the government and oil multinationals to clean up their environment, pay compensation for years of exploitation and bring investment and development. They targeted expatriate workers of the oil firms as well as principal government functionaries for hostage taking.</p>
<p>There was a significant drop in the incidence of kidnapping in the region following the deescalation of the Niger Delta crisis at the turn of the century. By this time though, the crime was already becoming a booming franchise in nearby South-eastern Nigeria, with Abia and Anambra States as critical flash points. These states, and others in the region, became hotbeds for kidnappers who often targeted the rich and the influential for criminal economic benefit. </p>
<p>In the years that followed, kidnapping for ransom quickly spread to different parts of the country, including states like Edo, Lagos, Ogun, and some northern states of Nigeria.</p>
<p>So why is kidnapping thriving in Nigeria? There seem to be three factors driving the crime today. </p>
<p>The first is the quest for material accumulation. The <a href="http://journals.sagepub.com/doi/abs/10.1177/0038038506067516">second is tough socio-economic conditions</a>. And the third is a sense of fearlessness and impunity on the part of perpetrators who feel that they will get away with the crime. </p>
<p>Kidnapping typifies a tendency towards criminal economic accumulation and social advancement which thrives in societies that have the following characteristics:</p>
<ul>
<li><p>People struggle to survive because of high levels of poverty, </p></li>
<li><p>Growing social inequality and deprivation</p></li>
<li><p>The prevalence of impunity</p></li>
<li><p>A lax and inefficient criminal code</p></li>
<li><p>Weak law enforcement procedures and capabilities, and </p></li>
<li><p>An ineffective criminal justice system. </p></li>
</ul>
<h2>The fall of a kidnap kingpin</h2>
<p>The media and law enforcement agencies in Nigeria refer to Chukwudumeme Onwuamadike (a.k.a Evans) as the <a href="http://www.premiumtimesng.com/news/top-news/233708-how-arrested-kidnap-kingpin-evans-made-millions-of-dollars-from-ransom-police.html">kidnap kingpin</a>. </p>
<p>His capture has some critical implications. First, it has exposed the level of sophistication that kidnapping has reached in the country. Second, it has revealed that kidnapping syndicates, no matter how sophisticated, are not invincible. Third, it has buttressed the argument that, armed with an effective strategy, the police can control the incidence of kidnapping in the country. </p>
<p>And lastly, it’s shown that a lot needs to be done to control crime in Nigeria. </p>
<p>The arrest of Evans doesn’t signify the end of the crime. Far from it. Rather it marks the dawn of a new era in Nigeria’s anti-kidnapping crusade. This is an opportunity – which if properly exploited – can reduce the attraction of kidnapping, and help the country move towards making the crime history. </p>
<h2>The way forward</h2>
<p>Nigeria must strengthen its laws for combating crime if it truly wants to fight and reduce kidnapping. Efforts must be made to ensure greater efficiency in the operations of the law to achieve greater impact. </p>
<p>I believe, like the American Economist Bryan Douglas Caplan <a href="http://econlog.econlib.org/archives/2010/06/the_strange_pol.html">that</a> “the kidnapping problem is not hard to solve” and that </p>
<blockquote>
<p>kidnappers kidnap because the benefits exceed costs. The obvious solution is to raise the costs by imposing harsher, surer punishments. </p>
</blockquote>
<p>To arrest the rising spate of kidnapping, Nigeria must entrench stiffer penalties. Some states have instituted the <a href="http://www.vanguardngr.com/2017/06/evans-may-get-death-penalty-life-imprisonment-ambode-signs-bill-law/">death penalty</a> as a punishment for the crime. I believe that the death penalty can serve as a great deterrence. </p>
<p>But first efforts must be made to tackle socio-economic conditions that make kidnapping attractive such as poverty, unemployment, deprivation, inequality. After all, sustainable criminal deterrence is scarcely possible under the atmosphere of material insecurity.</p><img src="https://counter.theconversation.com/content/80487/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Chukwuma Al Okoli receives funding from Tertiary Education Trust Fund (TETfund) in Nigeria.</span></em></p>Tough socio-economic conditions, among others, make kidnapping a thriving business in Nigeria. A strong justice system along with stiff punishment for the crime are needed.Al Chukwuma Okoli, Lecturer/Resident Researcher Department of Political Science, Federal University LafiaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/409762015-04-30T10:29:33Z2015-04-30T10:29:33ZPrivatising ransom payments will reduce returns to terrorism<p>The US government is <a href="http://www.theguardian.com/us-news/2015/apr/26/us-end-ban-families-paying-ransom-overseas-hostages">currently reviewing</a> its policy on allowing families to pay ransoms to terrorists. This comes in the aftermath of the <a href="https://theconversation.com/terrorism-craves-an-audience-and-we-are-playing-into-islamic-states-hands-by-watching-31701">Islamic State executions</a> of US, Japanese and UK hostages while <a href="http://www.globalpost.com/dispatch/news/war/150121/these-are-the-countries-have-probably-paid-ransom-the-islamic-state">other nations’ citizens walked free</a> – albeit for multi-million dollar ransoms. Did the US deny its citizens the basic human right to life?</p>
<p>It is a fundamental role of governments to protect their citizens. The question is how best to do this in the case of citizens kidnapped abroad for ransom. Fundamentally, paying ransoms perpetuates the kidnap-for-ransom business model. And the proceeds from the crime may be invested in further criminal activity – or into insurgency and terrorism. For this reason, most official stance of most governments is to <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/207542/Kidnapping-for-ransom.pdf">not negotiate with terrorists</a>. The deterrent effect of such a “no negotiation” stance should not be overestimated, however: employers have a duty of care to their employees and families do not abandon their loved ones. This quickly translates into media pressure for governments to intervene.</p>
<p>It is an open secret that some governments pay ransoms to free their nationals. An article in the New York Times in July 2014, titled “<a href="http://www.nytimes.com/2014/07/30/world/africa/ransoming-citizens-europe-becomes-al-qaedas-patron.html">Paying Ransoms, Europe Bankrolls Qaeda Terror</a>”, provides details of how al-Qaeda obtained at least US$125m in ransoms from countries such as France, Italy, Spain, Germany, Switzerland and Austria from 2008-2013. </p>
<p>High ransoms are also reported to have been paid for Italian and French IS hostages. Where governments get involved, it’s not just about money: prisoner releases and limited charges or lenient sentences for captured accomplices are frequently reported in the context of government-negotiated ransoms – and some kidnappers actively seek publicity. Ransom inflation in either or all of these dimensions encourages further market entry. A policy of governments paying ransoms is therefore problematic.</p>
<p>Why are governments so bad at negotiating ransoms? Firstly, it is difficult for them to argue that they cannot afford a multi-million dollar ransom and that other concessions, for example prisoner releases, are categorically off the table. Secondly, they are often under pressure by the media to resolve a situation quickly. Thirdly, many <a href="http://content.time.com/time/world/article/0,8599,2006463,00.html">rescue actions result in the death of hostages</a> (and occasionally the security forces sent to liberate them) and are therefore rarely an attractive outside option. This decidedly shifts bargaining power towards the hostage takers.</p>
<h2>Walking ATMs</h2>
<p>Might the government be able to achieve better outcomes by delegating the negotiation to the private sector? There is already a private-sector mechanism for resolving criminal kidnap for ransom (KfR) cases. People who live, travel and work in complex and hostile territories have the option of buying <a href="http://www.chathamhouse.org/sites/files/chathamhouse/public/Meetings/Meeting%20Transcripts/051012CohenQA.pdf">KfR insurance</a> or have it bought on their behalf. However, KfR insurance is very discreet: employers are not allowed to discuss KfR insurance with their employees and ransom cover is limited. This avoids turning staff into “walking ATMs” and, in the case of a kidnap, there is a convenient degree of ambiguity about who is negotiating and what resources are available for ransoming.</p>
<p>KfR insurance provides parties interested in freeing victims with immediate access to highly experienced hostage negotiators, who are experts at exploiting this ambiguity. Professional crisis response consultants advise on the negotiation and manage family expectations. Because a ransom is offered, hostage takers treat their victims as assets and the <a href="http://www.eglobalhealth.com/kidnap-ransom-extortion-insurance.html">vast majority of KfR victims are released unharmed</a>. Victim stakeholders are reassured by this and take more time to barter down the hostage-takers. Kidnappers are often under pressure to conclude: few criminal organisations can hold hostages indefinitely – either local security forces or rival gangs are bound to come knocking on doors eventually.</p>
<p>The commercial resolution process, if played by the book (consultants can only advise), means ransoms usually settle at a small fraction of the cost of government ransoms. Few families can raise hundreds of thousands of dollars, never mind millions. Disruptive bargaining strategies are a clear signal that opportunistic criminals will not do well in this market: high ransoms require long detention periods. This discourages market entry.</p>
<h2>Families may ransom</h2>
<p>It can therefore be argued that leaving hostage negotiations to the private sector serves the public interest better than a “hands-on” approach by governments. The deliberations of the US government should be seen in this context. Allowing families to bargain with terrorists gets the government out of the media spotlight and devolves bargaining to a stakeholder with demonstrably limited resources. A “families may ransom” policy stance would probably not be entirely new: US kidnap victims have returned from captivity in the past and nobody has been prosecuted. It is simply a matter of clarifying current practice – and removing (well-resourced) employers as well as the government explicitly from the ransom negotiations.</p>
<p>Although in principle we all agree that not paying ransoms and ending the KfR business would be the first best solution, in practice everyone will want to ransom a kidnapped loved one. One could therefore summarise the public interest as “paying as little as possible for the safe return of hostages”. If this is the goal of government policy, officially delegating ransoming to the private sector may indeed be the best solution.</p><img src="https://counter.theconversation.com/content/40976/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Anja Shortland does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>It’s in the public interest to allow families to pay ransoms for the return of their loved ones.Anja Shortland, Reader in Political Economy, King's College LondonLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/349962014-12-05T06:14:36Z2014-12-05T06:14:36ZWe’re banning paying ransoms to terrorists – but what about pirates?<p>The UK home secretary, <a href="https://www.gov.uk/government/speeches/home-secretary-theresa-may-on-counter-terrorism">Theresa May</a>, has introduced the new <a href="http://services.parliament.uk/bills/2014-15/counterterrorismandsecurity.html">Counter-terrorism and Security Bill</a>, which will be considered by a committee of the whole House by mid-December. Alongside the new powers it will hand to UK police and security services, the Bill will ban insurance companies from covering <a href="http://www.bbc.co.uk/news/uk-30173238">ransom payments</a> to terrorist organisations. </p>
<p>The UK already refuses to pay terrorist groups ransoms and prohibits individuals and companies from deliberately doing so; the Bill’s new provision will <a href="http://www.theguardian.com/politics/2014/nov/24/ransom-payments-isis-anti-terrorism-amendment-law-theresa-may">close a loophole</a> which may mean insurance companies are reimbursing illegal payments to groups.</p>
<p>So far, so good. But the Bill leaves another major loophole wide open: since 2010, millions of dollars in ransom have been paid for the release of vessels and crews hijacked by Somali pirates – who, while not terrorists per se, may be tightening their links with major terror groups.</p>
<h2>Maritime disaster</h2>
<p>According to research by the think tank One Earth Future Foundation and its project “Oceans Beyond Piracy”, the estimated total of ransom money paid to Somali pirate groups was an astonishing <a href="http://oceansbeyondpiracy.org/sites/default/files/attachments/SoP2013-2PagerDigital_0.pdf">$21.6m in 2013</a> – and that is a major decrease from the days of 2010, when it was as much as <a href="http://oneearthfuture.org/sites/1earthfuture.org/files//documents/publications/The-Economic-Cost-of-Piracy-Full-Report.pdf">$238m</a>. These figures do not include the costs of negotiations and the physical delivery of the ransom money – often done by helicopter or private plane – or ransoms paid in other piracy hot spots, such as the <a href="https://theconversation.com/stopping-west-african-piracy-is-vital-for-europes-energy-security-24914">Gulf of Guinea</a>.</p>
<p>Terrorism and piracy are, on the face of it, very different beasts, with contrasting motives and objectives. Whereas terrorism is principally a political act, piracy is a criminal activity. In its developed form, it is organised crime employing a structured business model and is usually the work of armed non-state groups. In general, it is focused on material and monetary gain for the pirate groups, while violence and killing are secondary. </p>
<p>But of course, piracy and terrorism are hardly mutually exclusive – and this, above all else, is why the supply of ransom money to pirates must be choked off.</p>
<h2>Unholy alliances</h2>
<p>There may well be indirect links between terrorism and organised piracy, whether that takes the form of mere exchanges of money and goods or full co-operation in joint ventures. What we can be certain of is that the success of maritime piracy is attracting the attention of terrorist groups around the world as a potential source of finance for their activities. </p>
<p>The millions of dollars already earned through piracy ransom receipts could go a long way towards supporting terrorist activities around the world. And while there seems to be no solid evidence of a terrorist connection there is a growing concern that some of the money given to Somali pirates by way of ransom payments regards to even a partly financing of the notorious Somalia-based terrorist group al-Shabaab, which has recently shown signs of a major <a href="http://www.bbc.co.uk/news/world-africa-30290993">upsurge</a> despite the death of its leader.</p>
<p>To make matters worse, the huge amount of money paid for ransom to Somali pirate groups could have very effectively enhanced this financial relationship. Because the ideologies driving the two forms of criminality differ, if the two merge – or even if a link is made and terrorism becomes more closely aligned with piracy – it is very likely to further complicate the strategy needed for dealing with the already fiendishly resilient al-Shabaab.</p>
<h2>A terrible cost</h2>
<p>Banning insurance companies from covering ransom payments to terrorist organisations, as this forthcoming Bill will dictate, makes perfect sense in itself. But the government has to re-consider the potential of the discussed links between modern piracy and terrorism – and the frightening prospect that the latter may well have started funding itself via the taxation of the former. </p>
<p>Somali piracy’s current period of decline is a good opportunity to reconsider our approach to paying ransoms. That’s not just a matter for governments, but for the shipping industry and insurance companies – who will, of course, have their own stance on any law that bans them from giving pirates money. That will be a big ask, especially if piracy shows any sign of a resurgence.</p>
<p>But if we don’t act, everything the UK is trying to achieve with the new counter-terrorism Bill could be easily cancelled out. If we keep paying we continue to run the risk ransom money will flow through already-established links between terrorist organisations, organised crime networks and piracy groups – and the knock-on effects for an incredibly fragile region could be catastrophic.</p><img src="https://counter.theconversation.com/content/34996/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Ioannis Chapsos works for Coventry University in the UK. He receives research funding from NATO SPS programme. </span></em></p>The UK home secretary, Theresa May, has introduced the new Counter-terrorism and Security Bill, which will be considered by a committee of the whole House by mid-December. Alongside the new powers it will…Ioannis Chapsos, Research Fellow in Maritime Security, Coventry UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/324602014-10-03T05:24:45Z2014-10-03T05:24:45ZPaying ransom for hostages is sometimes the right thing to do – here’s why<p>On Saturday October 4 we woke up to the news that looked depressingly inevitable. Alan Henning, a taxi driver from Salford, who had been captured in Syria last December while delivering aid to refugees, <a href="http://www.theguardian.com/world/2014/oct/04/alan-henning-hostage-killing-harsh-price-isis-syria">appears to have been beheaded</a> by his terrorist captors. He appeared at the end of a video showing the apparent beheading of Scottish aid worker David Haines last month, in an indication that he would soon suffer the same fate. </p>
<p>David Cameron, the prime minister, responded to the news: “It is senseless. It is completely unforgivable… We must take action against it and we must find those responsible.”</p>
<p>At least two more Western hostages are still in captivity. One, Peter Edward Kassig, an American soldier, ominously appeared at the end of this latest video. The other, John Cantlie, a photojournalist from Surrey, was abducted in Syria nearly two years ago along with American journalist James Foley, who was filmed for his own apparent execution in the desert by his captors in August. Cantlie has appeared in three recent videos reading scripted messages, which included a request that the West pay ransom in exchange for the hostages’ release. </p>
<p>David Cameron has made it very clear that this will not happen under any circumstances. At last month’s NATO summit in Newport, Wales, the <a href="http://www.bbc.co.uk/news/uk-29072940">prime minister confirmed</a> the UK’s policy on the matter: “We won’t pay ransoms to terrorists who kidnap our citizens.”</p>
<p>The US government takes exactly the same line. Following the deaths of James Foley and <a href="http://example.com/">Steven Sotloff, another journalist</a>, there were <a href="http://www.businessinsider.com/foley-sotloff-family-threatened-prosecution-2014-9">even reports</a> that the US authorities put pressure on the families of the victims not to pay ransom by warning them that doing so would break the law. </p>
<p>Not every country seems to take this position, though. <a href="http://www.nytimes.com/2014/07/30/world/africa/ransoming-citizens-europe-becomes-al-qaedas-patron.html?_r=0">An investigation</a> by the New York Times in July found strong evidence that some European governments do pay ransom to Al-Qaeda and affiliated groups. The report claimed that this had amounted to US$125m since 2008, and US$66m in the last year alone. </p>
<h2>Moral principles</h2>
<p>So who is right and who is wrong? There is some obvious good sense behind the UK government’s stated position. The payment could encourage further hostage taking and the money paid might be used to further terrorism. </p>
<p>Ethically, we must also remember that it matters not merely what is done and what the outcomes of actions are. It often matters how and why it is done and who does it. For instance, members of a jury have a moral duty to disregard the anticipated consequences of their verdict. They ought to declare that an accused rapist is not guilty if they think the case against him leaves a reasonable element of doubt regardless of the possible effects of their verdict on future instances of such crimes. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/60674/original/wf8rbxzv-1412263177.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/60674/original/wf8rbxzv-1412263177.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/60674/original/wf8rbxzv-1412263177.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/60674/original/wf8rbxzv-1412263177.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/60674/original/wf8rbxzv-1412263177.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/60674/original/wf8rbxzv-1412263177.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/60674/original/wf8rbxzv-1412263177.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Juries can’t worry about the consequences of their decisions.</span>
<span class="attribution"><a class="source" href="http://www.shutterstock.com/cat.mhtml?lang=en&language=en&ref_site=photo&search_source=search_form&version=llv1&anyorall=all&safesearch=1&searchterm=scales%20of%20justice&show_color_wheel=1&orient=&commercial_ok=&media_type=images&search_cat=&searchtermx=&photographer_name=&people_gender=&people_age=&people_ethnicity=&people_number=&color=&page=1&inline=202034857">Solman Design</a></span>
</figcaption>
</figure>
<p>But having said that, we must now get back to first principles. Suppose that a kidnapper threatened to kill, say, my child if I did not pay a modest ransom for him. If the threat were a realistic one, and there were no other feasible way of securing their safe release, it would surely be morally obligatory for me to pay the money. To let the child die in order that further acts of kidnapping would not be encouraged might be considered by some people to be a breach of the moral duty of care of a parent. </p>
<p>In a similar way, it might seem reasonable that a state has, by virtue of its power and authority, a moral duty of care towards its citizens. For instance, not only should it not kill them, it should not let them die unnecessarily if it can take reasonable steps to prevent their deaths.</p>
<p>As the 17th-century philosopher Thomas Hobbes <a href="http://faculty.history.wisc.edu/sommerville/367/367-092.htm">notably argued</a>, self-preservation is the basic function of and justification of civil society. It seems plausible to say that the state has a duty to try to uphold the human right to life of each of its citizens and to try to protect them from illegal violence wherever it occurs and whatever its source. By extension, I would argue that the state has a prima facie moral duty to rescue its citizens by paying ransom to their captors - a presumption in favour of paying if all other things are equal. </p>
<h2>Presumptions and exceptions</h2>
<p>Having said that, I would not call this an absolute duty. There are various factors that I would suggest as exceptions – and beyond these there may be others. For instance, sometimes, there will be no basis for confidence that the payment of a ransom would actually secure the safe release of a hostage. </p>
<p>Sometimes the price demanded will be too high. A ransom that ran into the tens or even hundreds of millions of pounds would surely be more than what the state can reasonably be expected to pay. This follows from the fact that the state is not morally obliged to always do all that might be required to save the life of one of its citizens. If someone requires extremely expensive medical treatment to maintain their life, the state is surely not morally obliged to pay up.</p>
<p>Equally if someone voluntarily enters a dangerous part of a foreign country contrary to the advice and wishes of their government, they have to an extent forfeited their right to the protection of their state. You could argue that the government has already discharged its duty of care and is not necessarily obliged to do what would be required to rescue them now that they had been taken hostage. </p>
<h2>Exceptions to exceptions</h2>
<p>On the other side of the ledger will be some factors that might counteract these exceptions. One might be that many hostages are in jeopardy. Another might be that the hostage was put in danger at the behest of the state – perhaps because they were a government employee, for example.</p>
<p>Or what if, say, Prince Charles were taken hostage? What if a citizen were snatched at random from a street in, say, Glasgow or London? Would it not be justifiable to pay a modest ransom to save their lives and to avoid the loss of political face that their widely publicised executions might produce? </p>
<p>Where does this leave the UK government in relation to the two current captives? We can’t comment on the size of the ransom or the realistic chances of them being freed, but both men were captured in Syria at a time when it was clearly very dangerous to be there. You might counter that their professions or reasons for going justified their decisions to go there. We need foreign journalists to take risks to tell us what is happening in the world. Aid workers often work in dangerous areas because it is exactly where they are most needed. </p>
<p>Even if these activities didn’t amount to a good enough reason for being in a dangerous place, I would be inclined to pay a reasonable ransom for them on charitable grounds – you wouldn’t admit an exception, but you would say they should be rescued out of human decency. </p>
<p>Either way, my main argument is that there are far too many complexities in this area to be able to rule out paying ransom in all cases. But before we condemn Cameron too strongly, an episode from the past comes to mind. During the years of the troubles in Northern Ireland, the UK government always made clear that it would not negotiate with terrorists. Yet as we now know, in the years leading up to the Good Friday Agreement, it was secretly doing exactly that. It could well be that the UK government sometimes does exactly the same thing with regards to hostages and ransom. And if all that is actually happening, that the UK is taking an uncompromising position in public, this is a different matter entirely.</p><img src="https://counter.theconversation.com/content/32460/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Hugh McLachlan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>On Saturday October 4 we woke up to the news that looked depressingly inevitable. Alan Henning, a taxi driver from Salford, who had been captured in Syria last December while delivering aid to refugees…Hugh McLachlan, Professor of Applied Philosophy, Glasgow Caledonian UniversityLicensed as Creative Commons – attribution, no derivatives.