Australia's government is considering a ban on ransomware payments — do you think that could be effective? Why or why not?
C-Suite in Healthcare and Biotech, 2 years ago
This is a complicated question. Does the government have the authority to ban such things? Will banning payments create two 'criminals' instead of just one? Will the banning punish the victim...and the many peripheral victims who are impacted when a business is offline (or healthcare organization)?
These questions aside, paying the criminals does continue to bring more criminals to the feeding trough, so to speak. If you cut off the financial win, there is a good possibility it might impact those doing the attacks. However, I don't think that just Australia doing this will be enough of an impact. It would have to be an international stance.
I do suspect that we are still a long way from where cybercrime will evolve into. If the ransomware payments go away, it will just result in a change in how the cyber criminals find ways to gain from the compromise.
Director of Information Security in Energy and Utilities, 2 years ago
I agree that this is a complicated question. They have the authority to regulate how their government works, but I doubt that they can issue an executive order to ban ransomware payments without passing a law.
Regardless, I don't know if it is effective. It is a business decision and only the business owner knows the answer. Let's say it got banned. How do they stop international ransomware payment brokers from getting the encryption key on behalf of the business?
CISO in Software, 2 years ago
I agree that it is complicated, but I also agree that it is similar to terrorism payments. Do not pay terrorists, make it illegal to pay ransomware, it will reduce this tactic significantly.
Director, Strategic Security Initiatives in Software, 2 years ago
It will be - as more visibility and ownership!
On the other hand, the penalty may be worth it considering all factors.