I don't think I would ever pay ransom under any circumstances. Not for data or system functionality. I'd throw the computers in the river. I know this about myself because I had to deal with a kidnapping and extortion of my best friend in South America around 15 years ago, and a few years later a DDoS extortion attempt on one of my servers (the criminal was released from prison recently and I won a federal judgment against him for damages). Not a day goes by that I don't wish misery and sickness on those people. But something emerged in me during those crises that was not necessarily something I liked about myself in the long run. I wouldn't negotiate. I'm ashamed to admit I risked a friend's life by lying to the kidnappers. But I couldn't believe a word they were saying or even know if she was alive. I went cold and stopped cooperating. It was terrifying but I was in shock. I played poker with someone's life. It's something you don't really know about yourself or ever want to know until you're in the situation. I still have nightmares about it.
From a practical viewpoint, the question is simply whether the money multiplied by the chance of success is a better option than the money needed to rebuild.

But I'd rather compare this to a natural disaster you were ill-prepared for. A lightning strike or tornado can also wipe all your data. You can't negotiate ransom with nature. And giving in to ransomware makes it worse for everybody else since it makes ransomware financially viable. IMHO it needs to become socially unacceptable to be ill-prepared for a ransomware attack. I don't care if it was a 0day or whether your security was sloppy. It was your job to be prepared for this.

At CCC events you commonly find a sticker at the exchange tables that reads "Kein Backup, kein Mitleid" - "no backup, no compassion".

But the post makes a good point - you don't need backups. You need restore. Which takes time and is frequently ill-planned. Sadly.
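The "you need restore, not backups" point above can be turned into a routine drill. The script below is an added example, not code from the thread or from any product; it assumes a tar+gzip archive with a SHA-256 manifest written at backup time (the commenter names no tooling), and the three sample files are constructed. It backs up a small tree, overwrites the live copy the way a crypto-locker would, restores into a scratch directory and checks every restored file against the manifest, reporting how long the restore took. With `backup_during_attack=True` it models the case where the backup job ran while encryption was already under way, so the archive itself holds a scrambled file and the drill must flag it.

```python
"""Restore drill: prove a backup can be restored and that what comes back is
what was backed up. Added example; not from the thread or any product."""
import hashlib
import json
import os
import tarfile
import tempfile
import time
from pathlib import Path

# Constructed sample data standing in for a small file share.
SAMPLE_FILES = {
    "finance/ledger.csv": b"date,amount\n2021-06-01,1200\n",
    "ops/runbook.md": b"# Restore runbook\n1. fetch manifest\n2. extract\n3. verify\n",
    "app/config.ini": b"[db]\nhost=db.internal\n",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_of(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_manifest(src: Path, dest: Path) -> Path:
    """Record what the backup is supposed to contain, before archiving."""
    manifest = dest / "backup.manifest.json"
    manifest.write_text(json.dumps(manifest_of(src), indent=2, sort_keys=True))
    return manifest


def write_archive(src: Path, dest: Path) -> Path:
    archive = dest / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return archive


def restore_drill(archive: Path, manifest: Path, target: Path) -> dict:
    """Extract the archive into an empty target and compare it to the manifest."""
    expected = json.loads(manifest.read_text())
    start = time.monotonic()
    with tarfile.open(archive, "r:gz") as tar:
        # The 'data' extraction filter (Python 3.12+, backported to 3.8.17+)
        # rejects path traversal and device nodes; fall back if unavailable.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(target, **kwargs)
    actual = manifest_of(target)
    missing = sorted(set(expected) - set(actual))
    extra = sorted(set(actual) - set(expected))
    mismatched = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    return {
        "ok": not (missing or extra or mismatched),
        "files_checked": len(expected),
        "missing": missing, "extra": extra, "mismatched": mismatched,
        "seconds": round(time.monotonic() - start, 3),
    }


def simulate_ransomware(root: Path) -> None:
    """Overwrite every file with random bytes and rename it, as a crypto-locker would."""
    for p in [q for q in root.rglob("*") if q.is_file()]:
        p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
        p.rename(p.with_name(p.name + ".locked"))


def run_demo(backup_during_attack: bool = False) -> dict:
    """Back up the sample tree, encrypt the live copy, restore, and verify.

    backup_during_attack=True models a backup job that ran while files were
    already being encrypted: the manifest was taken first, but the archive
    captured one file after it had been overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        live, vault, scratch = Path(tmp, "live"), Path(tmp, "vault"), Path(tmp, "scratch")
        for d in (live, vault, scratch):
            d.mkdir()
        for rel, data in SAMPLE_FILES.items():
            Path(live, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(live, rel).write_bytes(data)

        manifest = write_manifest(live, vault)
        if backup_during_attack:
            Path(live, "app/config.ini").write_bytes(os.urandom(32))
        archive = write_archive(live, vault)

        simulate_ransomware(live)  # the live copy is now useless
        assert not manifest_of(live).keys() & json.loads(manifest.read_text()).keys()

        return restore_drill(archive, manifest, scratch)


if __name__ == "__main__":
    print(run_demo())
    print(run_demo(backup_during_attack=True))
```

The manifest is the piece most "we have backups" setups lack: without a record of what the archive should contain, a restore that silently brings back encrypted or stale files looks identical to a good one. In practice the manifest and the archive belong on storage the production credentials cannot write to, and the drill's `seconds` figure, measured on the real data volume, is the restore time objective you actually have rather than the one on the slide.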
Before it gets mentioned, here is a good post on why ransomware gangs love (traceable) Bitcoin. Most ransomware gangs are more or less well known, not really anonymous.

http://jpkoning.blogspot.com/2021/06/why-do-ransomware-gangs-like-bitcoin.html?m=1
First off, I remember reading that it was not control of their infrastructure that the hackers had, it was control of the accounting systems. They are separate functions, and the pipeline could not bill folks; that's why they shut it down... think about that... these folks shut it down because they were worried about counter-party risk in payments...
> So you're like, "Oh great. We have backups, the data is there, but the application to actually do the restoration is encrypted."

From my experience dealing with ransomware, most encrypted applications are not recoverable, even with the key. Those app servers need to be rebuilt or restored. File servers and individual files can be decrypted using the key, but applications get scrambled.
So many businesses don't do DR/BCP or security properly. 99% of businesses cannot survive losing data, so it's crazy not to have proven backups and automated infrastructure restoration.

It's like with cloud and microservices: most of the time backups, monitoring, and security aren't even considered.
> Coveware has negotiated a "few thousand" ransomware cases since its founding in 2018, and each case is different, Siegel says.

Hmmm.

That would be a handful of negotiations per working day, or at least two/three per day 24/7.
The U.S. Constitution permits “Letters of Marque and Reprisal”, essentially Congress giving individuals permission to wage outright war on foreign entities. Ransoms (be it for life or data) are absolutely an appropriate application.