As ransomware attacks become more common and complex—and costly to the crimes’ targets—a University of Texas at Dallas researcher is examining how policymakers might combat cybercriminals.

Dr. Atanu Lahiri, an associate professor of information systems at the Naveen Jindal School of Management, said ransomware has become one of the top cybersecurity threats facing organizations worldwide. Spread primarily through email phishing scams and exploitation of unpatched software bugs, ransomware robs a user’s access to computer files until a ransom is paid.

“The data is still on your computer,” he said. “It’s locked up, and the criminals have the key.”

In a study published in Information Systems Research, Lahiri and a colleague examined whether and under what circumstances policy intervention could help deter this type of cyberattack. He found that effective response solutions might depend on factors such as the value of compromised information, the nature of the ransom demand, and who or what organization is most affected.

Although paying ransom often seems preferable to facing business disruptions, payments also embolden the attackers and encourage them to come back for more. This ripple effect, or externality, which is driven by extortion, creates a unique problem dubbed “extortionality” by the authors.

“There are two questions: When do we care, and what do we do?” Lahiri said. “Should ransom payments be banned or even penalized?”

The disruptions caused by ransomware attacks can be crippling for businesses. In 2024, the FBI’s Internet Crime Complaint Center received more than 3,000 ransomware complaints. Victims paid over $800 million to attackers, according to research by Chainalysis, although the impact is likely much higher because many incidents and payments go unreported.

The illegal breaches have hit targets ranging from Fortune 500 companies to police departments to government and university systems.

Lahiri was inspired to explore potential solutions as federal and state lawmakers grapple with laws to restrict government entities and other companies from paying ransoms to regain access to their data. He found that fighting these threats through legislation is tricky because a ban on ransom payments or other penalties could negatively affect the victim, whose goal is simply to recover compromised information quickly and with minimal disruption.

For example, outright bans on ransom payment are particularly problematic for hospitals, where lives are at stake and critical lifesaving information can’t be accessed.

On the other hand, paying ransom rewards criminal behavior, encourages more breaches and elevates the risk of additional attacks, the researchers found.

Through mathematical models and simulations, Lahiri determined that an ideal scenario in many cases would be for companies not to give in to an attacker’s ransom demand. In practice, however, this solution is not so clear-cut.

“It relies on you trusting the other guy, in this case other organizations, not to pay up either,” he said. “It would be better if nobody paid, but if someone does, it would raise the risk for everybody.”

“You have to be careful when you impose a ban, though,” said Lahiri, who teaches the graduate class Cybersecurity Fundamentals at UT Dallas, serves as director of the cybersecurity systems certificate program, and chairs the University Information Security Advisory Committee. “A more reasoned approach might be to first try incentives or a penalty to deter ransom payments.”

If the attackers are not strategic in choosing their ransom asks—and do not demand different sums from the victims depending on their ability to pay—Lahiri recommends that policymakers impose fines or taxes on companies that pay ransoms.

“When imposing a ban, policymakers should be mindful,” he said. “In particular, hospitals and critical infrastructure firms should be exempted to avoid excessive collateral damage from business disruption.

“In some cases, you wouldn’t even have to impose the ban, but if you talk a lot about a ban, ransom payers would take notice. Even the specter of a ban might do the trick and make organizations invest in backup technologies that can help them recover without having to pay the attackers.”

The best offense, Lahiri said, is a good defense, and the best defense is simply more redundancy. Backing up data and practicing drills on recovering information is a strong way to avoid paying the attacker. Policymakers could incentivize redundancy measures, he said, by subsidizing backup technology, practice drills and awareness campaigns.

“One of the biggest problems is that people don’t invest in backups,” Lahiri said. “They don’t conduct drills, like fire drills. Security is always seen as a hassle.

“If we had great backups and we could recover from the attacks, we would not be paying the ransom in the first place. And we would not be talking about extortionality.”

Dr. Debabrata Dey, Davis Professor and area director of analytics, information and operations at the University of Kansas, is a co-author of the study.

Coats Digital is pleased to announce that that Manufacturas Eliot, one of Colombia’s leading fashion textile groups, has selected VisionPLM to advance its digital transformation strategy. The solution will optimise product lifecycle management across its portfolio of brands—Patprimo, Seven Seven, Ostu, and Atmos—enhancing collaboration, streamlining operations, and enabling greater speed to market.

Manufacturas Eliot, a Colombian fashion group, has selected Coats Digital’s VisionPLM to boost digital transformation across its brands.
The platform will enhance collaboration, speed up product development, and streamline operations.
VisionPLM aims to improve agility, traceability, and decision-making, supporting Eliot’s drive for innovation and sustainable growth.

Founded in 1957, Manufacturas Eliot is a vertically integrated manufacturer producing over 20 million garments annually. Renowned for delivering high-quality, accessible fashion, the group continues to invest in technologies that support sustainable growth and operational excellence.

The implementation of VisionPLM demonstrates Elliot’s strong commitment to end-to-end digitalisation across the value chain. By introducing VisionPLM, Eliot aims to improve product development agility, reduce time-to-market, and ensure seamless communication across cross-functional teams.

Juliana Pérez, Design Director, Seven Seven, commented: “From the design team’s point of view, we’re really excited about implementing VisionPLM, as it will allow us to manage our collections in a more structured way and collaborate efficiently with other departments.”

Angela Quevedo, Planning Director,  Manufacturas Eliot, added: “VisionPLM will significantly improve the planning and coordination of our operations by enabling a more accurate flow of information and reducing response times across the supply chain. It will also help us optimise processes and accelerate decision-making.”

Tailored specifically for the fashion industry, VisionPLM integrates tools that boost development speed, improve traceability, and enhance decision-making. By centralising design, sourcing, and supplier collaboration in one digital platform, the solution enables a streamlined, transparent, and responsive approach to managing collections.

Oscar González, Coats Digital – LATAM, said: “We’re proud to continue supporting Manufacturas Eliot on its digital transformation journey. The adoption of VisionPLM marks a key milestone in advancing its fashion innovation strategy—enabling faster, smarter decision-making and more agile collaboration across teams and suppliers. Its helping to build a future-ready, connected operation that’s fully aligned to the demands of today’s fashion market.”

Note: The headline, insights, and image of this press release may have been refined by the Fibre2Fashion staff; the rest of the content remains unchanged.

Fibre2Fashion News Desk (HU)

Susan Monarez is no longer the director of the US Centers for Disease Control and Prevention, according to a post by the official Department of Health and Human Services X account. She had been in the position for just a month. In the wake of her apparent ouster, several other CDC leaders have resigned.

Named acting CDC director in January, Monarez was officially confirmed to the position by the Senate on July 29 and sworn in two days later. During her brief tenure, the CDC’s main campus in Atlanta was attacked by a gunman who blamed the Covid-19 vaccine for making him sick and depressed. A local police officer, David Rose, was killed by the suspect when responding to the shooting.

In a statement Wednesday evening Mark Zaid and Abbe David Lowell, Monarez’s lawyers, alleged that she had been “targeted” for refusing “to rubber-stamp unscientific, reckless directives and fire dedicated health experts.” The statement further says that Monarez has not resigned and does not plan to, and claims that she has not received notification that she’s been fired.

According to emails obtained by WIRED, at least three other senior CDC officials resigned Wednesday evening: Demetre Daskalakis, director of the National Center for Immunization and Respiratory Diseases; Debra Houry, chief medical officer and deputy director for program and science; and Daniel Jernigan, director of the National Center for Emerging and Zoonotic Infectious Diseases.

More resignations are expected to become public soon, say CDC with knowledge of the departures.

“I worry that political appointees will not make decisions on the science, but instead focus on supporting the administration’s agenda,” says one CDC employee, who was granted anonymity out of concerns over retribution. “I worry that the next directors will not support and protect staff.”

President Donald Trump’s original pick to lead the CDC was David Weldon, a physician and previous Republican congressman from Florida who had a history of making statements questioning the safety of vaccines. But hours before his Senate confirmation hearing in March, the White House withdrew Weldon’s nomination. The administration then nominated Monarez.

The CDC leadership exits come amid recent vaccine policy upheaval by HHS secretary Robert F. Kennedy Jr., who in May removed the Covid-19 vaccine from the list CDC’s recommended vaccines for healthy children and pregnant women. The following month, he fired all 17 sitting members of the CDC’s Advisory Committee on Immunization Practices, a group of independent experts that makes science-based recommendations on vaccines.

In their place, he installed eight new members, including several longtime vaccine critics. “A clean sweep is necessary to reestablish public confidence in vaccine science,” Kennedy said in a statement at the time.

Earlier this month under Kennedy’s leadership, HHS canceled a half billion dollars in funding for research on mRNA vaccines. This month HHS also announced the reinstatement of the Task Force on Safer Childhood Vaccines, a federal advisory panel created by Congress in 1986 to improve vaccine safety and oversight for children in the US. The panel was disbanded in 1998, when it issued its final report. Public health experts worry that the panel is a move to further undermine established vaccine science.