Istari

Ransomware: Should paying hacker ransoms be illegal?

Back to Spotlight

It seems as if we are living in a ransomware ‘epidemic’.

 

Ransomware is a specific type of malware that encrypts data and systems and asks for a payment (the ransom) for the release of decryption keys. The cyberattacks on the Colonial Pipeline and JBS meat, the world’s largest meat supplier, are just recent examples of a growing threat of ransomware. As bad as these examples are, attacks could get a lot worse.

A new type of ransomware, titled ‘Jackware’ seems to cause great concern (here is an article on it). These specific types of ransomware attacks do not encrypt computers running on Windows operating systems – rather, they hijack the actual physical devices our modern lives rely upon.

Currently, many victims of ransomware attacks pay the ransom; Colonial pipeline paid $5m, JBS meat paid $11m. But – could a solution to the problem be to make paying the ransom illegal?

 

Some arguments for making ransom payments illegal:

  • Ransomware attacks are motivated by profit. Prohibiting ransom payments would cripple the profitability of such attacks, which could discourage this type of crime altogether.
  • Ransomware profits are used to fund other, even more dangerous crimes, such as human trafficking, child exploitation, or terrorism. Prohibiting ransom payments would have positive ripple effects
  • Removing ransom payments as a legal option would take burden off organisations.

 

Arguments against making ransom payments illegal:

  • Prohibiting ransom payments would encourage attackers to shift their focus on attacking organisations that are least able to deal with downtimes, such as hospitals, water-treatment plants, energy providers or schools. That would increase pressure to get paid, despite the illegality.
  • Some businesses, especially small and medium sized businesses, could face bankruptcy if they are not allowed to pay the ransom

What do you think? Would a ransom payment ban solve the growing threat of ransomware attacks?

 

Access the full article here