I've grudgingly come around to the notion that there is only one way out of the ransomware problem: Make paying a ransom illegal. This is not very different from laws that make it illegal for US companies to pay bribes to foreign officials.

I really don't see any other way out of this mess. Yes, some victims will unfortunately ignore any laws that say they can't pay, but enforcement probably will not be hard.

What will be difficult are the situations where people's lives are at stake in ransomware incidents. This sounds callous, but we can't afford to take the short view here anymore, and our other alternatives aren't great either.

I'm quite certain this is an unpopular view, but we have already seen the cost of doing nothing. At least in the interests of congruity for our financial sanctions vs Russia, we should probably make this change sooner rather than later.

@briankrebs Unless there are more than fines for companies, a company will say, “better the risk of prosecution than going out of business” and pay the fine. And if it goes to a jury, they’re likely to be sympathetic.

You might have more luck outlawing blockchain-based monetary systems.

@vnangia Making it illegal will not prevent victims from paying. That is true. But, their willingness to pay is likely to be somewhat dependent on the willingness of law enforcement agencies to enforce the law. Your concern seems to impact very small companies that would flout any federal laws on this regardless (either out of ignorance or certainty of not getting caught).

@briankrebs Depends on industry. Can I see an Exxon or JP Morgan doing it? No. Can I see, I dunno, Medstar or Inova doing it? Yes. A school district or Krogers? Maybe.