Paying out to ransomware: Lowdown on the legal and ethical issues

Should firms pay out to a ransomware demand? We look at some of the legal and ethical issues.

On the so-called dark web, providers of ransomware services and support pitch their products openly - Copyright AFP Stefano Rellandini

The policy of not paying ransom, often referred to as a “no concessions” policy, is a widely debated strategy in counter-terrorism and hostage situations. Yet the effectiveness of such a strategy has been and continues to be debated from multiple perspectives.

Ransomware is a type of cryptovirological malware that permanently blocks access to the victim’s personal data unless a ransom is paid.

The arguments against not paying the ransom include humanitarian concerns – such as the risk to the hostages (i.e., the terrorists may resort to violence), as well as public and political pressure (i.e., the families and public can oftentimes exert significant pressure on the government to pay the ransom). This is according to Chris Denbigh-White, CISO, Next DLP.

Denbigh-White explains to Digital Journal the arguments for not paying the ransom. These include deterrence, in that it could discourage future kidnappings (if terrorists and criminals believe they will not profit from the business of kidnapping), as well as weakening terrorist finances, thereby weakening current and future operational capabilities.

Should this same rationale be applied to ransomware payments? Denbigh-White says similar ethical considerations need to be addressed, such as whether paying ransomware demands funds further criminal activity.

There are also legal questions. Take the U.S. According to the U.S. Department of the Treasury, “in the U.S., while there is no outright federal law that makes paying ransomware demands illegal, there are in fact significant legal and financial risks associated with making such payments.”

The effectiveness of a “no concessions” strategy needs to be explored on both a short- and long-term basis, notes Denbigh-White.

He adds that some would argue that paying the ransomware demand, in the short term, is a necessary evil to secure the return of your data and/or deter the cybercriminals from making it public.

Concluding, Denbigh-White states: “History has – of course – shown us that this is not always the case. While others would argue that in the long-term payment simply ensures the continuation of this type of cybercrime. Of course, while non-payment may contribute to long-term deterrence, it involves a difficult business trade-off in the short term.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
