• Novocirab@feddit.org
    ↑ 6 · 15 days ago

    There’s some interesting game theory at play here.

    The idea is to make the public sector and CNI (which includes utilities and datacenters these days) less attractive targets for financially motivated attackers.

    Indeed it’s about time a major country try out if this works. Should it prove successful, others could follow suit. However, it’s exactly this prospect which could make it all fail. Why? Once the UK enacts its law, the major ransomware gangs (and the occasional government backing them) could have a major incentive to target the UK’s systems extra hard. This would not make the gangs any money, of course. Rather, the purpose would be to deter the rest of the world from employing the same approach, lest this source of income dry out, too.

    • stphven@lemmy.world
      ↑ 2 · 15 days ago

      While that sounds reasonable in theory, in practice it seems unlikely. It would require widespread cooperation, thinking long term, and giving up on easier, more lucrative opportunities now. Given how bad regular businesses are at any of these, I doubt illegal businesses would fare much better.

      • Novocirab@feddit.org
        ↑ 2 · 14 days ago

        I would immediately agree if the gangs were utterly fragmented away from each other.

        However, many of those gangs simultaneously constitute an asset for the government of their respective country.

        Case in point: In Russia, things take the form that the government lets the gangs do their stuff, but they have to attack government-chosen targets every once in a while. So there is already structure for coordination. What it would take is for the Russian government, or maybe even just one of its rivalling intelligence agencies, to conclude that making an example out of Britain has become important. Still more interesting game theory lies here: Russia’s government and agencies needn’t even hope to participate in any ransom payouts at any time – just perpetuating the gangs’ damaging of European economies is already heavily in their interest. They have a cyberwar budget anyways.

        However, I know far too little about the economic magnitudes involved here to say anything with certainty.

  • Alfredolin@sopuli.xyz
    ↑ 3 · 14 days ago

    Wait. I’m not in this IT Security business and not very informed but… Do people, and even public sector organizations, actually pay ransoms on ransomware?

    I just assumed “ok goodbye data let’s call it a day” but never looked into it.

    • SkaveRat@discuss.tchncs.de
      ↑ 1 · 14 days ago

      There was a time where ransomware groups would decrypt your files if you paid up. Which was often cheaper than restoring an old backup or not having any.

      At some point, groups started not “honoring” the decryption promise. Which made everything a lot more uncertain.

    • sabreW4K3@lazysoci.al (OP)
      ↑ 3 · 15 days ago

      Think you’ve got the wrong community, mate. This isn’t the outlandish fantasy Dreamworld community.