
How's that working out for victims of ransomware attacks or nation-state corporate espionage?



I've never heard of a business being scammed by a vendor through ransomware. When businesses choose vendors, they do it with legal contracts enforceable in their jurisdictions.


Vendor-based scams are not the entirety of the threat model.


Vendor-based scams are what this thread and this article are about. The root quoted that An0m was a 'trick' that couldn't be repeated again. My point is that legitimate businesses would never have had to worry about such tricks; being scammed by a vendor like this is a problem unique to illegal businesses.


OK, I see what you're saying.

Though I think there are actually at least two discussions being had here, apparently talking past one another:

One, that a vendor which promises some service but fails to deliver on it, as An0m did here, would be subject to civil claims for fraud or false representation. This seems to be your general argument.

Another is that any given business has concerns over surveillance and privacy breaches, whether from law enforcement or other entities, and that any use of digital communications and data systems exposes them to this risk. Paper-based systems have, of course, far lower capabilities for data processing, but also for data exfiltration*.

Both are risks.

You're focused on one. Others take a broader view, myself included.


That's fair. But I still don't think the situation translates; businesses have significantly more options for mitigation and less downside risk. They're likely not going to prison if they have a data leak, and they have access to good information and the world's most reputable vendors for solutions to those problems.

Outside of exceptionally high-risk (or exceptionally low-revenue) businesses, I don't think many are going to choose to go back to paper. Although, we may see more systems being air-gapped, virtualized, or using other forms of isolation. The types of enterprises that could afford the labor cost of using paper can also afford the price tag on digital solutions that do a good job of mitigating those risks. Most breaches, ransomware attacks, etc. are things that could have been prevented. Rarely do incident response crews say "this company couldn't have done anything to prevent this."

Additionally, legitimate businesses have customers that will demand that they use digital solutions. Criminals dealing with other criminals might be willing to use paper to mitigate risks. Customers of established B2B or B2C companies will not.


So, yes, one of the core benefits of operating (mostly) inside the law is, well, operating inside the law. Including availing yourself of the law's protections. Criminals are in many cases "outlaws", in the original sense of being outside the scope of legal protections.

There are some limits to this, of course:

- There are people who have little choice but to live outside the law (undocumented aliens --- perhaps emigrating as children, petty criminals, the poor, those living in corrupt societies), who nonetheless have very legitimate criminal complaints against others (theft, robbery, assault, rape, etc.). In many cases, such people are victimised by both criminal and law-enforcement communities.

- There are generally-lawful businesses which engage in illegal acts. HSBC serving as money-launderer to the Mexican drug cartels, Google knowingly engaging in illegal pharmaceutical sales and imports to the US, as two instances. More generally, wage, labour, and safety infractions are highly probable among any business.

Either way, "lawful business" isn't a strict binary, it's more a heap of sorites.

In the case of An0m, the sting itself was putatively legal (I don't fully agree with that; I'm positing it for this argument), in which case the argument for fraud or contract violation is ... well, something of a long shot. On the other hand, the targets of the sting have little to lose.

The case with paper is that the costs and risks are very well understood, in ways that the risks and costs of digitisation are not. And to a very large extent, business likes certainty.

There may be measures which can be taken to minimise the risks of digital business-management systems. I'm not entirely sure what those might be, though anything which greatly increases data frictions would likely be a benefit. I suspect this particular discussion will be ongoing for years and decades, though it's possible that specific major events might precipitate change. I'm trying to think of analogues from other domains. Disease, hygiene, and predator-prey relations come to mind.



