Crypto Ransomware seems to be a growing problem. I believe it should be a federal crime with a fine of $1 Million USD (or equivalent) for paying the criminals. I think there should be a court to make exceptions.<p>What are your thoughts?
Its not really feasible to have a standard policy of fining organizations and then forcing them to go to a court for an exception. One of the favorite targets of crypto ransomware groups is hospitals because if they infect the right systems operations are impacted to the point where peoples' health can be endangered.<p>Courts are slow.<p>IMO, as the government, if you prevent people from helping themselves you have an ethical obligation to provide a suitable remedy to the problem.<p>Its usually a bad idea to pay a ransom, however, some organizations in specific situations don't have viable alternatives. In some cases they pay and still don't get their data back. However, the attackers generally do have a vested interest in decrypting data when they get paid. Its actually a pretty interesting ecosystem because some attackers set up proper customer support channels and in some cases are very cordial and helpful as they are extorting you. Some of them are trolls but I've seen chat logs where broke college students were able to negotiate the release of their homework for free.<p>Having a robust and well thought out system of backups is the best defense. However, that still doesn't always make the problem reliably fixable fast enough to ensure that no one will ever find a valid reason to pay a ransom.<p>Source: I'm a security analyst but there are some in the industry that disagree with my opinion.
What problem would this solve?<p>Seems like it would just be bureaucratic nightmare and a tax drain if you're leaving the exceptions up to a new court. I mean, even in the criminal system the current wait times for trials are about 2 years. That money would be better spent on adding courts to the existing system, you know, to give people their constitutionally guaranteed right to a speedy trial.