Additional literature on the topic[0]. The finding is that any payment at all is sufficient for the operation to continue. This makes sense for ransomware was well since the marginal cost of hacking additional targets is effectively zero.
The major ransomware operations are targeted and the hackers do research the victims. They use spear phishing, so they need to know their victim. Unless the ban is universal and consistent so that hackers can modify their behaviour before they hack a target, there is no point in doing it. The US treasury announcement about not paying ransoms is just such a pointless terrible idea.
The major ransomware operations are targeted and the hackers do research the victims. They use spear phishing, so they need to know their victim. Unless the ban is universal and consistent so that hackers can modify their behaviour before they hack a target, there is no point in doing it. The US treasury announcement about not paying ransoms is just such a pointless terrible idea.
[0] https://rusi.org/publication/occasional-papers/closing-gap-a...