Hacker News new | ask | show | jobs
by wongarsu 62 days ago
It would make the ransomware statistic go down without actually stopping crime. Any company that considers paying the ransom would have a strong incentive to never report the security incident to avoid being punished for ransom payments
2 comments
entuno 62 days ago
Plus it gives the ransomware gangs a whole new angle they can use.

So, remember how you illegally paid us a ransom a few months ago? Unless you want to go to prison, then you better...

We're already seeing this against companies who pay ransoms and fail to report the breaches when they're legally required to - but it would be much worse if it's against individuals who are criminally liable.

link
nradov 62 days ago
Make employees criminally liable for making ransom payments, along with whistleblower protections. Very few employees will risk going to prison to protect their employer. You can always get another job.
link
ArcHound 62 days ago
I don't think this helps anybody. There will always be some poor soul taking the blame for the crimes of the higher ups. And what exactly the crime would be? Using company money to pay an unspecified third party? Also pretty hard to enforce.
link
nradov 62 days ago
It should be a crime to knowingly transfer money to criminals for any reason. And it wouldn't not hard to enforce: offer bounties to whistleblowers who turn in their colleagues.
link
bigfatkitten 62 days ago
It likely is in many places, under laws relating to dealing with proceeds of crime, but I’m not aware of any prosecutions having ever been made on this basis.
link