Banning ransomware payments is an incredibly attractive idea.

Proponents need to explain why it’s going to work any better than bans on buying drugs. Why are two “willing” participants not going to find a way? What do we gain by adding criminal penalties to victims trying to recover their businesses?

@adamshostack Personally I don't think there should be a ban on payments. But I strongly believe there should be a ban on *insurance payouts* in cases of ransomware where a postmortem review finds that easily-fixed problems that were negligently not addressed led to the incident taking place. Society should not be socializing the cost of large corporations' inadequate resourcing of security operations budget. It costs everyone more for insurance every time a huge payout has to be made.
@threatresearch @adamshostack that creates an incentive to hide details of an attack.
@ftp_alun @threatresearch You've misspelled "Another" :)