Ban all ransom payments for ransomware, in Bitcoin or other currencies

Kidnapping someone and asking for a ransom is, of course, illegal. But should it also be illegal for a victim to pay the ransom? Earlier this month, the US Treasury Department decided just that. It has notified the world that some ransom payments are illegal, particularly those made to sanctioned ransomware operators.

The position taken by the US Treasury Department

According to the US Treasury Department, punishing ransom victims could be one of the best ways to protect the public from extortionists. On October 1, the US Office of Foreign Assets Control (OFAC) issued a notice reminding everyone that several ransomware operators have been placed on OFAC's sanctions list, otherwise known as the Specially Designated Nationals (SDN) list.

The agency's letter makes it clear that if a victim were to make a ransom payment to an OFAC-sanctioned ransomware operator, that person could be breaking the law.

The wave of ransomware

Ransomware is malicious software that blocks access to a computer system by encrypting data. Once the data is locked, the ransomware operator asks the victim to pay a ransom in exchange for a decryption key.

The emergence of bitcoin made it particularly easy for ransomware operators to profit from their attacks. The first bitcoin ransomware targeted regular consumers with ransoms of $300 or $400.

In 2019, operators such as Sodinokibi, Netwalker and REvil began attacking companies, governments, universities and hospitals, and the ransoms became much more substantial. This summer, the University of Utah paid $457,059 in bitcoin for a decryption key.

CWT, a travel company, paid $4.5 million to the Ragnar Locker ransomware operators in July. The list of victims grows by the hour. And the damage goes beyond the ransom sum. Many organizations courageously refuse to give in to the ransomware operator's demands. But rebuilding their network often costs more than paying the ransom.

A problem of collective action

The corporate response to ransomware is an example of a collective action problem. Everyone would be better off if all victims cooperated and refused to pay ransomware operators.

Without any incoming ransom, the ransomware business would not be profitable, the attacks would cease and the collateral damage would stop. Unfortunately, spontaneous cooperation between thousands of companies, governments and nonprofits is difficult to achieve.

Companies will face pressure from shareholders or citizens to bounce back as quickly as possible, and then they will pay. One way to solve the problem is for the government to help push the public towards the best solution.

And the government can do this by outlawing ransom payments and imposing a penalty for violating the rules. This way, when a ransomware operator attacks, all victims will give the same default response: "No, we can't pay you. If we do, we will have to pay an even higher tax to the government."