This seems to call for a different version of “responsible disclosure”. Perhaps CISA could set up a clearing house
for vetted ransomware targets to connect with white hats
who have solutions. Tricky, especially for publicly traded
companies, but could be doable.