Hacker News

> While banning such payments might remove the incentives,

They'd pretty obviously not; companies are already forced to pay a fine (or a ransom, but it's money spent) and it obviously does not incentivize them to properly secure their network. Adding a fine to pay to the government on top (or, more cynically, a tax) will not change much, except that stricken companies now get hit harder, as you said.




I think the grandparent means banning such payments might remove the incentives to hack in the first place, since a hacker can't expect to make any ransom revenue from a company that obeys such a ban.


Companies purchase cyber insurance for a small fee and avoid risk of paying ransoms directly.

Make cyber insurance paying ransoms illegal and you'll see boards start funding IT security.


Insurance companies are likely to disallow ransom payments in their entirety. Too much risk considering the security posture of most organizations.

Boards will, generally, still not fund and support effective security culture without steep penalties for breaches (I am in infosec and speak to C-suite folks as part of my gig; breach impacts, in their current form, are "cost of business"). “Show me the incentive, and I will show you the outcome.” – Charlie Munger

https://www.insurancejournal.com/news/international/2021/05/... (Insurer AXA to Stop Paying for Ransomware Crime Payments in France)


Paying the ransom should make you an accessory to the crime with jail time and all for the executive who cleared it. This should put an end to it pretty quickly.


And also put an end to the organisation's ability to operate, making potentially thousands of people instantly and needlessly unemployed because their bosses didn't think security was important.


Allowing executives to commit crimes because imprisoning them would deprive workers of an executive is just plain foolish.


The executives should be punished, yes, but I don't see why the entire workforce should be when insurance can cover the cost.


That is the system working as intended. Organizations, and those that lead them, that can't hack it in the modern economy must be removed in order to make room for those that can.


So what’s the point of restricting ransomware payments then? Only organizations that can’t hack it in the modern economy will be affected anyway.


Ransomware gangs exist and thrive because their crime is profitable -- their victims are willing and able to pay. Make many of their victims unable to pay, and the equation changes.


Someone with the correct competencies will get the job instead. Or better yet executives the world over will start taking security seriously.




