
jawiggins, today at 6:25 PM

Years ago I attended a conference that had a "fireside chat" with a DoJ official on the topic of these types of ransom payments.

He framed the issue as being similar to kidnapping ransoms: When an American is taken hostage each family is inclined to make payment but it fosters an industry around kidnapping Americans. Congress put a stop to it by making it illegal to pay the kidnappers. The industry shifted by ceasing the non-profitable American kidnapping and instead began targeting Europeans.

His proposal was to begin warning cybersecurity consultants and insurers who were often brought into these situations that payments to sanctioned countries were already likely illegal and could face scrutiny. The first people to suffer this might be burned, but eventually he believed the industry would move on and stop targeting US firms.

Not sure if anything ever came of his plans, but I always thought it was an interesting framing of the issue.


Replies

bijowo1676, today at 6:56 PM

This is the way to go.

Instead of paying ransom, and creating a ransomware criminal industry out of thin air, it's better to force companies to recover and restore from backups and remove the monetary incentive for crime.

And the executives who failed to carry regular backups obviously should face the music.

rsstack, today at 7:13 PM

How is it not a violation of AML laws to pay a ransom like this? Surely they didn't verify that the recipient (a criminal) isn't sanctioned or associated with sanctioned organizations.

rafram, today at 8:18 PM

Not sure sanctions are a relevant reason not to pay here. We don’t know where everyone involved with ShinyHunters is located, but those arrested in the past have been American and French.

phone_book, today at 7:18 PM

Isn't there still incentive because the data itself is valuable so attacks would continue?

nathanmills, today at 6:48 PM

Thank goodness that no kidnapping of an American has ever happened since.

gustavus, today at 8:02 PM

Not that I disagree, but it also incentivizes attackers to steal and resell data to other nefarious actors.

After all, a lot of the data companies have isn't their own, it's their customers'. They are the ones who suffer because businesses don't bother securing their crap.