No, those are not similar cases. Yours is urgent, violent, tiny scale, and individual level. The individual doesn't have any agency in this situation. The alternative is to get shot and robbed.
If a corporation is unable to pay a ransom then the incentive to do the ransomware attack immediately drops.
Cracking down on perps would be nice, but is not feasible.
No. I can’t believe this needs to be explained, but the two situations are remarkably alike. If all of a corporation’s data is being held to ransom, there is no choice in the matter, they must pay. You’re talking like losing all their customers or IP or shutting down the corporation wouldn’t hurt anyone, but it would hurt all their employees at the least.
What such an idiotic, short-sighted policy would do is to encourage corporations to pay the ransom in secret. This only strengthens the hackers because now law enforcement has no idea who is being hit, when, and with what malware.
Then a bunch of employees will have to find new jobs and some people have their retirement savings drained because it was illegal to pay the ransom and the business shut down. Society will move on. No long-term loss.
The same can be said for highway robbery. It happens in my country and people say well it’s just a tax you have to pay for taking that road. Since the victims are businesses handling goods, the robbery fee is priced into imports and we all pay extra. It can’t be priced into exports because we are too negligible of an exporter, so instead workers in that industry are paid less and there is less money left over to invest so our growth lags behind other countries. Overall the whole country suffers, all because of a few thousand bandits sitting in the forest near the border.
But hey… our society moved on, so you’re right about that: you can definitely live with it.
That's like a 40,000 foot perspective. As a sibling comment says, what about hospitals?
The total value of the stock markets didn't seem to suffer from Covid-19. But people have.
Maybe your point is that unrestricted ransomware shouldn't affect GDP? I'm honestly not sure. Doesn't there have to be a limit? Civilization depends on trust. Sometimes there are critical points.
Here are two representative arguments that I got sick of hearing and that pushed me into the negative Kelvin:
1. Green energy requires too few employees per gigawatt compared to coal
2. It would be irresponsible to pursue a policy of a sharp correction toward affordable housing prices because it would push too many elderly into poverty
That would be true if it was possible for any company to have perfect processes, but that’s not the case. Companies are run by real people with real flaws and a perfect system doesn’t exist.
That's like saying "Right now it's cheaper to not have locks so let's punish the homeowners who don't lock their doors instead of punishing the thieves and robbers."
Yes, security and backup measures are critical and companies SHOULD be scrutinized for those things especially if you deal with mission critical data/information. But that has nothing to do with Ransomware Gangs.
"If all of a corporation's data is being held to ransom, there is no choice in the matter, they must pay"
This sounds reasonable at first, but I think it might be leaning on anthropomorphizing a corporation a little much.
I think of them more as a machine, or a biological cell or microbe.
While it may be a machine optimized for survival, I'm not sure that they all are or that they must be.
An organism can self-destruct if that's what it's programmed to do.
And an organization in theory should be able to maintain processes that result in orderly self-destruction in certain circumstances, where it's appropriate in the wider society.
After all, companies typically go bankrupt rather than devolving into gang warfare, right?
A "humans first" society should not be prioritizing the survival of human created organizations above all else.
Many ransom payments don't even release the ransom.
If paying in secret is a crime, with whistleblower opportunities, then paying in secret is not so easy. Forbidding payments will massively decrease the value of doing the attacks and reduce the number of them.
"unable to pay" is not the same as "should be illegal"
The perps don't give a shit about what is legal and illegal. They target prey that are vulnerable but have critical functions (e.g. a Hospital network). It is not just about individuals. If a Hospital Network gets attacked and has serious consequences, they won't do a board meeting to discuss "Gee, paying ransomware is illegal. We must say No."
I am not advocating that people should just pay, but we cannot punish the victims even if the victims were careless (bad security practice, etc.).