We all know its illegal to kidnap someone and ask for a ransom payment. But should it also be illegal for the victim to pay the ransom?
Earlier this month the U.S. Treasury Department did just that. It notified the world that certain ransom payments are illegal, specifically those to sanctioned ransomware operators. Should a victim pay a ransom to a sanctioned entity, that person may face a big fine.
J.P. Koning, a CoinDesk columnist, worked as an equity researcher at a Canadian brokerage firm and a financial writer at a large Canadian bank. He runs the popular Moneyness blog.
Punishing ransom victims seems heartless. But it may be one of the best ways to protect the public from extortionists. And if it wants to make a serious dent in the growing ransomware market, the Treasury Department will have to go much further than putting a few entities on its sanctions list.
On Oct. 1, the U.S. Treasurys Office of Foreign Assets Control (OFAC) published a notice reminding everyone that several ransomware operators have been put on OFACs list of sanctioned entities, otherwise known as its Specially Designated Nationals (SDN) List. The agencys letter clarifies that should a victim make a ransom payment to an OFAC-sanctioned ransomware operator, that person could be breaking the law.
The ransomware wave
Ransomware is malicious software that blocks access to a computer system by encrypting data. Once the data is locked, the ransomware operator demands the victim pay a ransom in exchange for a decryption key.
The emergence of bitcoin, a digital, uncensorable asset, has made it particularly easy for ransomware operators to profit from their attacks. The earliest bitcoin ransomware strains targeted regular consumers with $300 or $400 ransoms. In 2019, operators like Sodinokibi, Netwalker and REvil began to move on to attacking corporations, municipal governments, school boards and hospitals.
The ransoms have gotten much larger. This summer, the University of Utah paid $457,059 in bitcoin for a decryption key. CWT, a travel company, paid $4.5 million to Ragnar Locker ransomware operators in July. The list of victims grows longer by the hour.
The damage involves more than just the ransom fee. Many organizations bravely refuse to give in to the ransomware operators demands. Rebuilding their network often costs more than the actual ransom payment. The crippled system will likely remain down for days, even weeks. The Government of Nunavut, a Canadian territory, couldnt serve citizens for almost a month after it refused to pay Dopplemayer ransomware operators.
A collective action problem
Societys response to ransomware is an example of a collective action problem. The public would be better off if everyone cooperated and refused to pay money to ransomware operators. With no incoming ransom income, the ransomware business would be unprofitable, attacks would cease and the collateral damage would stop.
Unfortunately, spontaneous cooperation between thousands of corporations, governments, and nonprofits is difficult to achieve. Any attempt to boycott ransom payments must rely on appeals to solidarity. But organizations will face pressure from shareholders or citizens to recover as quickly as possible, and so they will secretly pay. If 10% or 20% of victims defect from the boycott and pay the ransom, then the ransomware industry will be profitable and so everyone suffers as the blight continues.
Banning ransomware payments may not be the perfect option for stopping the growing ransomware wave, but it may be the best option weve got.
One way to fix the collective action problem is for the government to help push the public towards the best solution. The government can do this by declaring ransom payments illegal, and setting a penalty for rule breakers. The punishment for breaking the law would be a $20 million fine, or something like that.
Now when a ransomware operator attacks, all the victims cooperate by default. No, we cant pay you. If we do, well have to pay an even larger fee to the government. Ransom payments will stop, ransomware operators will cease their attacks and the damage ends.
The market for bribes as an analogy
Using the government to arrive at the best solution to a collective action problem isnt without precedent. Another type of shady payment, the payment of bribes, provides a useful analogy.
If companies must habitually bribe foreign government officials for contracts, then that drives up the costs of doing business. The public would be better off if everyone refused to pay a bribe. But cooperation is difficult.
Until the 1970s and 80s, foreign bribes were valid tax deductions in many countries. But efforts like the U.S.s Foreign Corrupt Practices Act of 1977 (FCAP) made it unlawful to bribe foreign government officials. Multinationals can now push back against bribery requests by pointing to FCAP. This helps push society arrive at the no-bribe solution.
The U.S. Treasurys recent clarification about the illegality of certain ransom payments only goes part of the way. It prohibits payments to a few bad actors, but there are many ransomware operators that do not appear on OFACs SDN list. To help solve the collective action problem, OFAC would have to be more proactive in designating ransomware operators.
Sussing out the names and identities of all the producers and distributors of ransomware seems like an impossible task, however. It would be much easier to declare a blanket ban on all ransomware payments, just as how FCAP bans bribery. Ransom bans arent without precedent. In response to a wave of kidnappings by organized crime, Italy prohibited ransom payments in 1991. Colombia and Switzerland have also made ransom payments illegal. The Group of Seven has a long-standing policy of refusing to pay ransoms for hostages of terrorist groups.
The knock against prohibiting either bribes or ransom payments is that it forces the market to become more opaque. If it is legal to make a bribe, then the bribe payer can report the bribe taker. This serves to limit the market for bribes. Ban bribes and the bribe payer is incentivized to cooperate with the bribe taker to keep things secret.
This is why Kaushik Basu, the former chief economist at the World Bank, has long advocated for legalizing bribe payments.
As for ransomware, victims who pay a ransom can report the attack to law enforcement agencies like the Federal Bureau of Investigation without fearing a fine. This allows the FBI to follow up. But if it is illegal to pay a ransom, then victims that choose to pay will keep their actions a secret. Lacking accurate data, the FBI will do a poorer job of defending against ransomware.
The other knock against banning ransomware payments is the perceived inhumanity of it. Try telling a mother or father that it is illegal for them to pay a ransom to free their kidnapped child. The same goes for ransomware. A school board that has been crippled by ransomware can immediately resume classes by paying a $20,000 bitcoin ransom. But under a prohibition, children may have to go a week or two without classes as the school board rebuilds its systems.
There are also civil liberties concerns. Businesses will argue that a ban on ransoms infringes on their ability to control their property.
Bitcoin isnt Green Dot
When extortionists find profitable ways to bilk the public, one way to fight them is to make changes to the underlying payments platform that the scammers are using. Internal Revenue Service scammers converged on Green Dot MoneyPak cards in the mid 2010s as a useful way to extort innocent Americans. The chosen solution wasnt to tell victims that paying ransom was illegal. Rather, Green Dot Bank pulled the product for a year and reprogrammed it. And it worked. Criminals have moved on from using MoneyPaks to do IRS scams.
Unlike MoneyPaks, bitcoin cant be reprogrammed. That leaves society with one less option for protecting itself from ransomware attacks. And so the no payment solution to the collective action problem beckons. Banning ransomware payments may not be the perfect option for stopping the growing ransomware wave, but it may be the best option weve got.
Read more from the original source:
Ban All Ransomware Payments, in Bitcoin or Otherwise - CoinDesk - CoinDesk
- Bitcoin to tumble further: oddsmakers bet on drop to $10K - Yahoo Finance - June 12th, 2021
- Bitcoin Is Actually Traceable, Pipeline Investigation Shows - The New York Times - June 12th, 2021
- Jim Cramer: Be patient with bitcoin, approach the S&P with caution - CNBC - June 12th, 2021
- As bitcoin falls to $32K, two strategists discuss whether it's a buy now - CNBC - June 12th, 2021
- Bitcoin ($BTC USD) Cryptocurrency Price Outlook: Futures a Warning to JPMorgan - Bloomberg - June 12th, 2021
- Hacking bitcoin wallets with quantum computers could happen but cryptographers are racing to build a workaround - CNBC - June 12th, 2021
- Bitcoin bounces from 3-week lows why 'bad narratives' have one trader staying neutral - CNBC - June 12th, 2021
- Cryptocurrency News Today June 12: Bitcoin, Dogecoin, Shiba Inu and other top coins prices and all latest u... - Zee Business - June 12th, 2021
- El Salvador looks to become the first country to adopt ... - June 8th, 2021
- Bitcoin extends losses, falling below $32,000 after U.S. seizes most of Colonial ransom - CNBC - June 8th, 2021
- Bitcoin believers have nothing to worry about; their crypto is here to stay - Business Standard - June 8th, 2021
- Bitcoin skids to two-week low, but technical analyst says the slump is not a 'decisive breakdown' she's watching the next two closes - MarketWatch - June 8th, 2021
- Thousands of bitcoin believers descended on Miami to party and preach the gospel of 'HODL' - CNBC - June 8th, 2021
- Bitcoin, Ethereum and XRP Plunge In Steepest Drop Since May - TheStreet - June 8th, 2021
- If you're thinking about investing in bitcoin, consider these risks first If you've gotten - CNBC - June 8th, 2021
- China Reconsiders Its Central Role in Bitcoin Mining - The Wall Street Journal - June 8th, 2021
- El Salvador may be the first country to accept Bitcoin as legal tender - Yahoo Tech - June 8th, 2021
- Bitcoin of America is Hoping to Inspire Women to Join the Crypto Industry by Sending its Powerful Female Team to Bitcoin 2021 - PRNewswire - June 8th, 2021
- Take that, Miami: Hong Kong hosts its own Bitcoin meetup - Forkast News - June 8th, 2021
- Bitcoin is greener than many --- including Elon Musk --- think it is - MarketWatch - June 2nd, 2021
- Bitcoin hits $38K as BTC price breaks above 'line in the sand' resistance - Cointelegraph - June 2nd, 2021
- Bitcoin Price Volatility Reached Its Highest In A Year During May - Forbes - June 2nd, 2021
- Bitcoin is headed toward its worst month since 2011; 'Rich Dad, Poor Dad' author says that's 'great news' - MarketWatch - June 2nd, 2021
- Wall Street struggles to sell Washington on Bitcoin for the masses - POLITICO - June 2nd, 2021
- Bitcoin contends with biggest monthly drop on record - Fox Business - June 2nd, 2021
- Few, if any, financial advisers expected to recommend bitcoin and dogecoin to clients --- here's how many now suggest buying crypto - MarketWatch - June 2nd, 2021
- Want to Stop Ransomware Attacks? Ban Bitcoin and Other Cryptocurrencies. - The New Republic - June 2nd, 2021
- Cryptocurrency expert says Bitcoin, Stablecoin payments will be accepted by more businesses - Fox Business - June 2nd, 2021
- Crypto market comeback? Ask experts anything about dogecoin, bitcoin, Ethereum latest and more - The Independent - June 2nd, 2021
- Bitcoin slumps 7% as investors brace for another bouncy weekend - Aljazeera.com - May 30th, 2021
- In the Battle over Bitcoin, Its Bull vs. Bear in Elon Musks Brain - Barron's - May 30th, 2021
- Analyst says reclaiming $37,500 is Bitcoins crucial line in the sand - Cointelegraph - May 30th, 2021
- When Is Bitcoin's Reign Going to End? - Analytics Insight - May 30th, 2021
- Top cryptocurrency prices today: Bitcoin, ethereum, dogecoin and more - Moneycontrol.com - May 30th, 2021
- Billionaire Ray Dalio says he owns bitcoin, and its 'greatest risk is its success' - CNBC - May 30th, 2021
- Bitcoin hovers around $40,000 after a wild week of trading - CNBC - May 28th, 2021
- Bitcoin price slides along with other cryptocurrencies - Fox Business - May 28th, 2021
- Bitcoin Crashes Toward $30,000 As Ethereum, Binances BNB, Cardano, Ripples XRP And Dogecoin Lead Another Crypto Price Plummet - Forbes - May 28th, 2021
- Why is the price of bitcoin and other cryptocurrencies falling? - CBS News - May 28th, 2021
- Bitcoin Depot Among Industry Leaders to Participate at Bitcoin 2021 Conference - PRNewswire - May 28th, 2021
- Bitcoin slumps 8% as it heads for bruising monthly drop - Reuters - May 28th, 2021
- How Far Bitcoin Could Fall If the Selloff Worsens - Barron's - May 28th, 2021
- Bitfarms Mines 1000th Bitcoin with Hydroelectricity This Year - GlobeNewswire - May 28th, 2021
- Bitcoin and bonds wont cut it. Buy these 6 types of assets for protection in a bear market, says strategist. - MarketWatch - May 28th, 2021
- Bitcoins Reliance on Stablecoins Harks Back to the Wild West of Finance - The Wall Street Journal - May 28th, 2021
- The Cryptocurrencies That Outperformed During Bitcoin's Crash - Barron's - May 28th, 2021
- Bitcoin investors are flying too close to the sun: analyst - Yahoo Finance - May 28th, 2021
- Bitcoin Investing vs. Invisible Hardware of the Nanocosm - Yahoo Finance - May 28th, 2021
- Bitcoin: I'll either be rich, or wrong - Financial Times - May 28th, 2021
- Crypto News: Bitcoin, Other Cryptocurrencies Suffer Another Weekend Rout - Barron's - May 24th, 2021
- Bitcoin is up, then down. But exactly how does it work? - USA TODAY - May 24th, 2021
- MORNING BID-Bitcoin and Belarus in the headlines - Reuters - May 24th, 2021
- Recovery rally takes bitcoin back above $40k; Treasury proposal weighs on gains - Reuters - May 24th, 2021
- Bitcoin prices tumble 50% from peak and Mark Cuban calls the crypto crash the 'great unwind' - MarketWatch - May 24th, 2021
- Bitcoin has just crashed and we may see another rally. But is this the time to buy? - ABC News - May 24th, 2021
- Bitcoin Vs. Gold: Surviving Inflation - Forbes - May 24th, 2021
- Bitcoin recovers after plunge that shaved $1 trillion off crypto market: CNBC After Hours - CNBC - May 24th, 2021
- Crypto strategist sees pullback in bitcoin and ether as a healthy sign after massive rallies - CNBC - May 24th, 2021
- Why is crypto crashing? Will bitcoin prices ever recover? Here's what traders and investors say - MarketWatch - May 24th, 2021
- 3 Growth Stocks to Buy That Could Be Bigger Winners Than Bitcoin and Dogecoin - Motley Fool - May 24th, 2021
- Bitcoin flash crash amplified by leverage and systemic issues - Financial Times - May 24th, 2021
- Some old investing lessons from the Bitcoin crash - Mint - May 24th, 2021
- If You Invested $1,000 in Bitcoin 10 Years Ago, Here's How Much You'd Have Today - The Motley Fool - May 9th, 2021
- Elizabeth Warren: 'There's a real issue' with environmental impact of bitcoin - Yahoo Finance - May 9th, 2021
- SEC Chairman Gary Gensler says more investor protections are needed for bitcoin and crypto markets - CNBC - May 9th, 2021
- Bitcoin (BTC USD) Cryptocurrency Price: Bank of England Warns of Full Losses - Bloomberg - May 9th, 2021
- Marathon Miners Have Started Censoring Bitcoin Transactions; Here's What That Means - CoinDesk - May 9th, 2021
- Downtown Josh Brown on bitcoin and wealth management - The Block Crypto - May 9th, 2021
- FBI: Knoxville man paid hitman in Bitcoin to kill his wife - WATE 6 On Your Side - May 9th, 2021
- Metromile Will Embrace Bitcoin For Insurance Premium And Claim Payments - Forbes - May 9th, 2021
- FBI: Tennessee man paid hitman in Bitcoin to kill his wife - wreg.com - May 9th, 2021
- If You Bought $1,000 Worth of Bitcoin a Year Ago, Here's How Much You'd Have Today - The Motley Fool - May 9th, 2021
- Bitcoins upcoming Taproot upgrade and why it matters for the network - Cointelegraph - May 9th, 2021
- Bitcoin ($BTC) or Ether ($ETH): Which Crypto Coin Is a Better Investment? - Bloomberg - May 6th, 2021
- Forget Bitcoin: Here are The Crypto Assets To Follow - Yahoo Finance - May 6th, 2021
- Mark Cuban: The 3 ways Ethereum 'dwarfs' bitcoin - CNBC - May 6th, 2021
- Square gets a bitcoin boost with revenue up 266% - CNBC - May 6th, 2021
- Crypto Expert Predicts That Bitcoin Will Eventually Hit $1 Million USD per Coin - HYPEBEAST - May 6th, 2021
- Bitcoin price live: Experts predict latest ethereum and dogecoin records may be early stages of rally - Yahoo Finance Australia - May 6th, 2021
- DeFi More Disruptive to Banks Than Bitcoin, Says ING - CoinDesk - CoinDesk - May 6th, 2021