WingNews logo WingNews
top | item 27159003

(no title)

1_person | 4 years ago

> Yep, making it illegal to pay the ransom is a good way to stop people from having that choice. If police themselves are paying a ransom, that might make it hard to make it illegal.

Ransoming itself is already illegal and yet people still have the choice to do it.

Why would making paying the ransom illegal remove the choice to do it?

> You don't need to get the proportion to 0 to help people. Reducing the proportion is helpful. If you reduce the amount of people paying (say you convince half the population that it's immoral to pay), the ransomware gangs will be less profitable, and will invest less money in ransomware and thus less people will be attacked.

It's something that's trivial to automate which produces positive cash flow, which makes it something approaching a thermodynamic impossibility to prevent from happening.

We made spamming illegal. Most of what is spammed is already illegal. So there's no spam anymore, right?

The policy suggested produces obviously absurd outcomes when applied to plausible scenarios.

It does more harm than good, and is an emotional knee jerk which does not survive rational analysis.

discuss

order

Thorrez|4 years ago

>Ransoming itself is already illegal and yet people still have the choice to do it.

You mean the attackers? They're not in the US, so US law doesn't matter to them.

>Why would making paying the ransom illegal remove the choice to do it?

The attackers don't care about the law. For 2 reasons: (1) they live in countries without much enforcement, (2) they use online anonymity tools. Most US businesses care about following the law to a reasonable degree so they don't get in trouble. They are in the US where there is better law enforcement and since they're legitimate businesses with known addresses and employees, they cannot be anonymous.

>It's something that's trivial to automate which produces positive cash flow, which makes it something approaching a thermodynamic impossibility to prevent from happening.

There are many aspects that need human effort. People actively communicating for spear phishing and vishing. Negotiators to negotiate the amount. Customer support to help with payments. Customer support to help with decryption. Constantly updating the malware to avoid new detections from antivirus. Constantly updating the malware to take advantage of new vulnerabilities.

>We made spamming illegal. Most of what is spammed is already illegal. So there's no spam anymore, right?

I never said making ransomware illegal would make it disappear.