by rodneyg_ 1849 days ago
If it was illegal to pay the hackers back, and the Colonial Pipeline ransomware attack still happened, what would the options be? We'd have to turn the systems back on some way right?
2 comments

They'd restore from backups, which is already what they did even after paying the ransom. More importantly, would the hack have happened in the first place if they knew there was no chance of being paid?

Every ransom paid just funds and encourages the next hack. The social damage is deserving of a large fine (i.e. 10x the ransom).

Clearly it wasn’t that simple or they would have just done that.

Apparently they ended up having to do just that even after paying the ransom:

"The decryption software provided by the hacking group DarkSide, notes Bloomberg, was reportedly 'so slow' that Colonial Pipeline 'continued using its own backups to help restore the system.'"

Source- https://mashable.com/article/colonial-pipeline-paid-bitcoin-...

I mean if you have backups then sure, don't pay. Every case won't be that simple. It also seems a bit odd that they'd pay if they truly had all the backups they needed.
Theoretically, no, the hack wouldn't happen if they knew there was no chance.

Realistically, yes, the hack would still happen. Because there will never be a world where people don't pay ransoms, especially if they have no other options / backups.

If they restored from backup, how do they know the attack wouldn't hit again immediately? The ransom wasn't just to decrypt the data, but to halt the attack.

> More importantly, would the hack have happened in the first place if they knew there was no chance of being paid?

Why wouldn't it? They could easily have been paid by another group to perform the hack, used the hack to manipulate stock prices, sold the stolen financial data, or, most likely, the ransom would have been paid indirectly through some other means, like hiring a "cyber security consultant."

Restore from backup.

Won't always be that simple. Let's say hackers also compromised the backups.