Criminalize paying ransom
It should be a crime to pay ransom anyway.
The ONLY way ransomware is going to stop is if a few CEOs go to jail for paying.
Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them! According to Coveware, which peered under the hood of Nitrogen's ransomware program, a programming error prevents the …
My employer couldn’t do anything like that. Initially because during Covid, we gave staff USB headsets and laptops so they could work from home, but now because we’ve switched to a policy of giving out laptops and docking stations in preference to desktops. You have to have a pretty bulletproof business case to get a desktop now. Most docks require USB connections now.
Other methods of payment can be viable, like gift cards - cryptocurrencies are just more convenient.
Outlawing cryptocurrencies can't magically make them stop working - all it could do is force adoption of private ones like Monero (which the government certainly does not want, which is why cryptocurrencies are not banned).
Most backups aren't offline - it's been years since most systems were writing to a tape drive and someone took the cartridge and locked it in a fire safe each day (hopefully).
Most backups are online for many reasons, including ease and speed of recovery (and therefore visible to any bad actors who have access to your production network).
A lot of backup systems are administered at the infrastructure level by the same people with credentials to the production environment (so if credentials are compromised, you get two birds with one stone).
Immutability is often talked about, but if the immutability doesn't continue from the backup software all the way through the data path to the controller running the drives, it can more often than not be circumvented.
No need.
It's literally money laundering anyway.
You are paying an unknown and unidentified third-party money in order to facilitate them committing a crime.
There is literally no LEGAL way to do that as a business.
(For all you know, the director and his secretary got together, they "attacked" the company, the company "paid the ransom", and those two took the proceeds and are now living in Bali....)
I have to keep explaining this to my (audited, registered charity) employer. You can't ever pay a ransom, because it's money-laundering. It's that simple. We can't even accept a donation over a certain amount unless we can prove who it came from, let alone pay out thousands to random, unidentified people, for illegal purposes.
It's only illegal if there is a suspicion of terrorist or specifically sanctioned (by Government) groups/individuals - ICO/NCSC etc. advise non-payment but allow it and have advised it in at least a couple of cases. Money laundering regs cover money which is the proceeds of crime, not money paid to criminals (which would affect vast swathes of other industry too!)
People are more likely to pay if there is evidence in previous cases that paying results in getting their data back. Security organisations know which groups will release keys and will at least advise if a payment will get data back or not.
And there are a lot more payments going on than anybody will admit to. I've heard both M&S and JLR paid something.
According to a retired bomb disposal officer, the IRA had a pretty good build standard for their 'official' explosive devices. Now admittedly the IRA bombing campaign on the UK mainland was mostly to scare rather than kill people, so they wanted the UK authorities to know that their bombs would cause damage if they were not defused in time, but also that they could be defused in time if their warnings were heeded. They also did not want to blow up their own people.
Criminals using ransomware to obtain funds really do need to check the quality of their code and to test it properly first. I'm not expecting ISO certified quality here, just common sense*.
*If you are expecting any from this poster, you are going to be seriously disappointed.
"They also did not want to blow up their own people."
They did not succeed in this. As I've said before, one of my first jobs in forensic science was cleaning up clothing remnants so that the family of a failed bomber could identify them. It involved removing bits of bomber from them. Then there was the Newry customs post bombing at about the same time. The only trace of a 3rd bomber was a penis whose blood group didn't match the other two pools.
There will be no change until someone wants things to get better and actually starts putting in place the things that would make the current 'Wild West' illegal and not just 'out of favour'.
Unfortunately, the current POTUS is not pro Oversight, Regulation & Protection, which means that he is not going to support anyone who tries to put in place things that facilitate Oversight, Regulation & Protection in our industry or ANY Industry or Arena of life.
Herr Trump's view is that Oversight, Regulation & Protection impacts Profits and therefore needs to be reduced NOT increased.
To date Herr Trump has impacted the existing Oversight, Regulation & Protection by attacking the agencies that were there to provide these things.
The agencies have been weakened and the people in those agencies have been replaced with cronies that follow his every word.
NO CEO is going to risk Herr Trump's response to being actively worked against !!!
TL;DR
Not going to happen until Hell freezes over ... twice !!!
:)
No because it’s the public key that’s mashed. With asymmetrical encryption you can’t decode a payload using the public key which was used to encrypt it.
The generation of the public key from its private key is easy and not supposed to be hard. But changing even one bit of a public key makes the corresponding private key unusable and if you were to do a bitwise comparison between the original private key and the private key that corresponds to the modified public key then they would be very different.
Effectively, they don’t have the private key because they corrupted their public key and you can’t derive the private key from the public key.
Hope that helps!!
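An added example (not part of the comment above, and not code from any real ransomware family) of the point being made: textbook RSA in pure Python, with the attacker's keypair generated, a victim's per-file symmetric key encrypted under the public key that would be embedded in the malware, and then the same operation repeated with one bit of the modulus flipped. The Miller-Rabin primality test, the key sizes and the position of the flipped bit are assumptions for the demo; the RSA is unpadded and not for real use.

```python
"""Toy textbook RSA (no padding, demo only) showing why a single bit-flip in the
public key shipped inside ransomware leaves the attacker's private key useless."""
import random


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin probabilistic primality test (assumed helper for the demo)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def gen_prime(bits, rng):
    """Random prime with the top bit set so p*q has the intended size."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=512, rng=None):
    """Return ((n, e), (n, d)); key size is a demo assumption, far below real use."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(m, pub):
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)


def corrupt_public_key(pub, bit):
    """Model a programming error that flips one bit of the embedded modulus."""
    n, e = pub
    return (n ^ (1 << bit), e)


def demo(bits=512, seed=None):
    """Healthy build vs. corrupted build; returns which decryptions recover m."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    pub, priv = generate_keypair(bits, rng)
    m = rng.getrandbits(128)  # stand-in for the per-victim symmetric key
    # Healthy build: the attacker's private key decrypts what the malware encrypted.
    healthy = decrypt(encrypt(m, pub), priv) == m
    # Corrupted build: the malware shipped with bit 100 of n flipped.
    bad_pub = corrupt_public_key(pub, bit=100)
    c = encrypt(m, bad_pub)
    # Neither the real private key nor the real exponent used with the corrupted
    # modulus recovers m: d was computed from phi(n), not phi(n').
    with_real_key = decrypt(c, priv) == m
    with_bad_modulus = decrypt(c, (bad_pub[0], priv[1])) == m
    return {
        "healthy_roundtrip": healthy,
        "corrupted_roundtrip_real_key": with_real_key,
        "corrupted_roundtrip_bad_modulus": with_bad_modulus,
    }


if __name__ == "__main__":
    print(demo())
```

Factoring the corrupted modulus n' would be the only way back, and n' is not a product of two known primes any more; for a real key size that is no easier than factoring n itself, which is exactly the problem the attacker relied on.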
Just doing backups isn't enough. You don't think M&S or JLR had backups? Firstly, ransomware integrates into your backup solutions and will encrypt it but still leave it accessible. Secondly, these attacks rarely attack servers directly, so just restoring or even rebuilding your servers isn't enough; they will just get re-attacked.
When I was at Dell a few years ago I was scolded for saying this so let me say it again: data touched by ransomware is absolutely useless. There is no point to "ransoming" your data.
Anything that can encrypt your data can alter it, so paying for ransomware is paying for data that may have been altered in unknown ways.
Active software could have had its functionality changed, for example backdoors installed.
Data at rest could have been altered to represent or say anything. You want to face an audit and explain why every invoice for the past two years reads $69?
The solution to ransomware is a robust and fully-tested (that is, restored-from-blank-slate) backup and restoration system. And it's got to have enough depth to withstand time-delayed ransomware that infects multiple backups before executing. That way if you're hit with ransomware you restore from backup, take the L, and move ahead.
You CAN'T use data that has been "encrypted and ransomed." It's garbage.
My nitwit masters at Dell were focused on "solving the ransomware problem" by purchasing some expensive suite of vaporware that would magically assure them they would not be victims of a ransomware attack. Every VP wanted to be the one who dropped eight figures but made it so that the company could unclench its collective butthole.
What they didn't want to be told was you already have the software - it's your backup system. If you don't already have a reliable, robust backup system, now's the time to ensure that you do. And remember, unless you've restored cold, blank systems from backup to full operation, you don't yet know whether your backup system works.
While you're at it, work on your disaster recovery plan and emergency communications structure. And remind employees not to talk to the press about anything that happens. Leave that to corporate communications or risk damaging your company's stock price with rumor and supposition.
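An added example, not from the comment above, that quantifies its "enough depth" point: a small Python model of a grandfather-father-son retention schedule, which reports whether any retained restore point predates the date the implant landed (the only copies safe to restore from) and how much data a restore from the newest such copy would lose. The schedule parameters, the detonation date and the 30-day dwell time are constructed for the demo.

```python
"""Backup retention depth vs. ransomware dwell time (constructed demo)."""
from datetime import date, timedelta

# Constructed scenario: implant lands on 1 March, encrypts everything on 31 March.
INFECTION_DATE = date(2025, 3, 1)
DETONATION_DATE = date(2025, 3, 31)


def gfs_restore_points(today, dailies, weeklies, monthlies, weekly_dow=6):
    """Dates with a retained backup under a grandfather-father-son scheme:
    the last `dailies` days, the last `weeklies` weekly snapshots (taken on
    weekday `weekly_dow`, 6 = Sunday) and the last `monthlies` first-of-month
    snapshots, all counted back from `today`."""
    points = set()
    for i in range(dailies):
        points.add(today - timedelta(days=i))
    d, kept = today, 0
    while kept < weeklies:
        if d.weekday() == weekly_dow:
            points.add(d)
            kept += 1
        d -= timedelta(days=1)
    first = today.replace(day=1)
    for _ in range(monthlies):
        points.add(first)
        first = (first - timedelta(days=1)).replace(day=1)  # step back one month
    return points


def clean_restore_points(points, infection_date):
    """Only backups taken before the implant landed do not re-introduce it."""
    return sorted(p for p in points if p < infection_date)


def worst_case_data_loss(points, infection_date, detonation_date):
    """Days of data lost restoring from the newest clean copy, or None if every
    retained copy already contains the dormant malware."""
    clean = clean_restore_points(points, infection_date)
    if not clean:
        return None
    return (detonation_date - clean[-1]).days


def demo():
    """Compare a dailies-only scheme with a 7/4/12 GFS scheme for the scenario."""
    dailies_only = gfs_restore_points(DETONATION_DATE, dailies=14, weeklies=0, monthlies=0)
    gfs = gfs_restore_points(DETONATION_DATE, dailies=7, weeklies=4, monthlies=12)
    return {
        "dailies_only_loss_days": worst_case_data_loss(dailies_only, INFECTION_DATE, DETONATION_DATE),
        "gfs_loss_days": worst_case_data_loss(gfs, INFECTION_DATE, DETONATION_DATE),
    }


if __name__ == "__main__":
    print(demo())
```

With 14 dailies and a 30-day dwell, every copy is already infected and the answer is None: there is nothing clean to restore. The GFS scheme reaches back to the 1 February monthly, at the price of 58 days of data, which is the trade-off the retention policy has to be designed around, and the restore drill from blank hardware is what proves the old monthly is actually usable.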