How Should We Handle Ransom Payments to Hackers? Very Carefully.
The announcement last week that U.S. law enforcement officials had managed to recover $2.3 million of the roughly $4.4 million ransom that Colonial Pipeline paid hackers was a welcome development. But it also raised questions about who should bear the costs of ransom payments as the threat of online extortion grows.
The Colonial Pipeline ransom retrieval sends a strong message to American companies that are hacked that the government can help. This will, hopefully, encourage victims to report these attacks to the authorities. But it may also make companies more willing to pay ransom — and that would be good news for cybercriminals.
Any effort by the government to more aggressively reclaim ransom payments must, then, go hand in hand with a regulatory crackdown on insurance coverage for ransoms. We also need careful consideration of how much — if any — of the reclaimed ransoms should be returned to the victims who paid them. (In the case of Colonial, the U.S. government has not made a statement about who will receive the recovered funds.)