ArcHound 6 hours ago

I don't think you can enforce such a rule. I think it's a good approach too.

Another issue is that not paying up and risking a restore from an underfunded ops dept. might be more expensive than paying up AND making a selected executive look bad. And we can't have that, can we?

wongarsu 5 hours ago

It would make the ransomware statistic go down without actually stopping crime. Any company that considers paying the ransom would have a strong incentive to never report the security incident to avoid being punished for ransom payments.

entuno 5 hours ago

Plus it gives the ransomware gangs a whole new angle they can use.

So, remember how you illegally paid us a ransom a few months ago? Unless you want to go to prison, then you better...

We're already seeing this against companies who pay ransoms and fail to report the breaches when they're legally required to - but it would be much worse if it's against individuals who are criminally liable.

nradov 2 hours ago

Make employees criminally liable for making ransom payments, along with whistleblower protections. Very few employees will risk going to prison to protect their employer. You can always get another job.

finghin 5 hours ago

Agreed - it’s not that it’s a bad point, but it would be an ineffective rule, which is usually an excuse to forgo other more effective (usually more expensive) options.

TeMPOraL 5 hours ago

Unfortunately the actual solution will probably have to mirror the real world, which means balkanizing the Internet to clarify legal jurisdiction, maybe some international police task force to aid with cross-border investigation, but ultimately it all hinges on whether and how much the countries with the most nuclear aircraft carriers are willing to pressure other countries to take this seriously.