US officials and political representatives want payment for ransomware to become illegal. Political representatives from four US states asked that the national congress prohibit organizations from paying the ransom in ransomware cases.
According to the law firm Alston & Bird, the states New York, North Carolina, Pennsylvania and Texas are already discussing bills in this scenario.
According to CSO Online, which contacted some authors of these bills, the idea divides opinions in the public sphere, with representatives supporting and others disapproving of the idea.
New York State, one of the four that is discussing “prohibit government entities, commercial entities and healthcare entities from paying ransoms in cases of cyber incidents and ransomware attacks“.
The state of Pennsylvania, meanwhile, received a bill from Senator Kristin Phillips-Hill, which seeks to “decourage some ransomware attacks.” According to her, “if cybercriminals are rewarded for their efforts, they will simply continue to launch ransomware attacks“, told CSO Online.
According to NBC News, US government energy secretary Jennifer Granholm said she supports these projects and believes that dealing with cybercriminals only encourages them to continue operating illegal campaigns and that companies must take responsibility and notify the government when they are attacked, “for the good of the country”.
“Many of these private companies don’t want people to know. They shouldn’t be paying for data ransoms, but they should let us know so we can protect the rest of the country. […] I don’t know if Congress or the president is at that point. […] But I think we need to send this strong message that paying for ransomware only aggravates and accelerates the problem, encouraging bad actors“, said the secretary, at a press conference.