zlacker

Typically, companies wouldn't really pay an actual ransom like unmarked bills stacked in a paper bag and thrown out from a bridge onto a passing barge.

Instead, you would pay (exhorbitant) consulting fees to a foreign-based "offensive security" entity, and most of the time get some sort of security report that says if you'd simply plug this and that holes, your systems would now be reasonably safe.

>>vntok+(OP)
> Typically, companies wouldn't really pay an actual ransom like unmarked bills stacked in a paper bag and thrown out from a bridge onto a passing barge.

Yes, that's why cryptocurrencies are a gift from heaven for these hacker groups.

Therefore, even if paying ransom money (somehow) must be legal, maybe it should be illegal to use crypto for it. You don't want to make it too easy to run this type of criminal business.

>>ameliu+H4
Criminals are plenty capable of accepting bank transfers, many of the same people running ransomware now were operating banking bots for years and years and stealing hundreds of millions from US businesses with wire transfers before crypto even existed.

You go on some Russian crime forum and find a plenty of people offering to process bank transfers like these for some percentage of the money. As these particular payments would be somewhat consensual, you wouldn’t even have to worry about the funds getting frozen on the way.

>>vntok+(OP)
>Instead, you would pay (exhorbitant) consulting fees to a foreign-based "offensive security" entity

Lots of US based incident response companies handling ransomware payments, this isn’t the domain of some sketchy foreign offsec joints.