[Scoundreller]

> As bad and annoying as hackers are, I'm not familiar with any government recognizing any hacking group as a terrorist group.

If you’re sending a large sum of money to $anonymoushacker, how do you ensure they’re not on some OFAC list? Or do your AML checks? Or make sure you’re not on the wrong side of Foreign Corrupt Practices act? The third party probably turns a blind eye to that cuz there’s no way of really checking.

[abigail95]

the people who do "AML checks" are the ones processing the transaction.

i don't do that every time i want to send money. private individuals don't just "run checks" - it would make commerce untenable and possibly unconstitutional.

say you get a passport, an address, a photo, a signature, a phone call - how do you verify any of this is real?

[zbentley]

Cryptocurrency mitigates most of those concerns. That's why the flourishing of crypto payment systems has been an unalloyed blessing for cybercriminals.

[bluGill]

No it does not. It makes some things harder and some things easier. The public ledger means you can track where then money flowed - you might not know who had it but you know how it flows which is interesting. I don't know if it has happened, but I've heard of proposals to make any bitcoin the traces to some transaction illegal to have, and that means nobody who might get caught will have anything to do with those.

[teddyh]

“Payment must be made in small, used bitcoins.”

[Scoundreller]

It can at a technical level but not at a legal level.

Your BigCo accounting department is not going to be very understanding about acquiring cryptocurrency to send to ??? for a ransom.

[dylan604]

Isn't this why in other comments people have said that companies use third parties to pay the ransom rather than paying directly?

[Scoundreller]

That’s my theory too. Setting up payments to a new vendor is hard enough even for the most legitimate.

An org’s Net30 terms aren’t going to work here…