A new law to ban extortion payments won’t immediately halt ransomware attacks, because cybercriminals would certainly test the resolve of victims. But if cybercriminals learned that no matter what they did there would be no payday, they would abandon ransomware as a tactic that no longer yielded results.
Changing the laws to force companies to stop paying ransom may sound fantastical, but steps in that direction have already been taken. In November 2023, 40 countries attending the second annual meeting of the International Counter Ransomware Initiative vowed to stop paying cybercrime ransoms. While not having the weight of enforceable laws, a large coalition of nations signaling a willingness to work together on this issue could be the first step towards an enforceable international treaty.
Closer to home, several states have passed or are considering passing laws that would make ransomware payments illegal. In April 2023, North Carolina became the first U.S. state to make it illegal for state agencies and local government entities to communicate with ransomware groups or pay a ransom demand. Florida passed a similar law in July 2023, and more laws of this type are being considered in Arizona, Pennsylvania, New York, and Texas.
https://lnkd.in/gdJfE8nn