
and say they do make it illegal for state entities to pay ransoms... then what? what is going to happen when a ransom attack does happen? they contact the fbi... great... now what? how do they get their data back? what obligation does the fbi have to track down the gang and get the data back? what's the timeline?

see... the issue i see with making it illegal for state entities to pay ransoms is that you tie the hands of the victim without any guarantees that law enforcement will help and help in a timely manner. i see this as a lose-lose situation.




The point is that there's no incentive for hackers to target state entities.

Hackers can target state entities for other reasons, but no rational hacker would do it for the ransom, since there won't be any ransom paid.

The FBI can simply say "We'll never catch the hackers, but if you pay them you'll go to jail". It accomplishes the same goal of reducing the reward for hacking to zero.


ah.... yeah... they still will.

just cause they can't get a ransom, doesn't mean the data isn't valuable, as they can still sell it on the black market to carders and other gangs.

it's very ignorant to think that just because you cut off one area of revenue for these gangs that the problems will stop.


This works for targeted attacks, but doesn't work for untargeted, shotgun-ransom-ware attacks.

Shotgun attacks aren't discouraged if some X% of their targets can't/won't pay the ransom.


It seems this law is intended to benefit those with the most resources to implement the best security, leaving smaller businesses to pretty much pound sand.


You mean a pretty basic backup, that your grandma probably has enabled on her phone?


A backup won't protect you from full data disclosure.


You presume the attacker does not know the location of these backups.

Smart attackers do extensive research on their targets before performing the attack.


Isn’t this literally one of the reasons WORM storage solutions exist?


We have arrived at why "a pretty basic backup" is no longer feasible for...any business. A hard sell for a four person business with no dedicated IT team.


It's losing the battle but winning the war ...


Which sounds better to a general at HQ than to a private in a foxhole.


Sure, but to a general at HQ, 1 dead soldier is better than 10. The policy is devastating to that 1 soldier (and family), but that's not enough reason to adopt an opposing policy that would save the 1 but kill the 10.

Similarly, I can appreciate the logic in making American companies less likely to be targeted by ransom hackers, even if it means some companies are hit harder in the short term.


You've made the implicit assumption that it is acceptable and desirable for the government to sacrifice some companies to save some others. I'm not so sure that's the government's business, and it sounds a lot like a taking to me. Perhaps it is acceptable in the era of Kelo.


> You've made the implicit assumption that it is acceptable and desirable for the government to sacrifice some companies to save some others.

That's how governments operate. Every time a government "sneezes" it harms some companies and benefits others.


No, when governments provide public goods (their most widely-accepted role), they are not picking companies out for the gallows.


In that case I'm sure you won't mind if we repave all of the roads to my store twice as often and let the ones you rely on fall apart.


Roads are not exactly public goods, and can be 'club goods' or something between the two; the Wikipedia definition matrix has some nice examples, and the page is quite good overall: https://en.wikipedia.org/wiki/Public_good_(economics)#Defini...


OK, fair, although even with the example public goods listed in that Wikipedia page their provision in reality still does end up supporting certain companies and harming others - e.g. if I'm in the business of selling air purifiers, government efforts to reduce air pollution are going to negatively impact my sales.


I totally agree that government policy can shape the market, and my issue is not at all with that happening as a by-product of public goods, but only when it is a direct and deliberate action.


Got it. I think where I lost you was in your use of "picking companies out" - I didn't realize that you meant only intentionally as opposed to incidentally.



