To Pay A Ransom: Costs and Ethics of Paying Ransomware Demands (hosted by Institute for Security & Technology)
When Colonial Pipeline’s systems were hacked, the company decided to pay a ransom of $4.4 million in exchange for a decryption tool to restore its network. The Colonial Pipeline Company is one of many ransomware victims that have chosen to pay ransom demands; in 2020, per Chainalysis, targets of attacks paid an estimated $350 million, up 311% from the previous year.
While some argue that paying ransom only encourages further criminal activity and boosts the profit incentive, others contend that in the moment, payment may be the only way to avoid costly disruptions to business, the shutdown of essential services, or the release of sensitive information.
This event will explore the debate on payment of ransoms. Should paying ransoms be prohibited entirely? When faced with an attack, what should victims do? What considerations should victims of ransom attacks weigh when deciding whether or not to pay? And lastly, what should the private sector and government do in order to disrupt the “ransomware as a service” business model?
Jen Ellis, Vice President of Community and Public Affairs, Rapid7
Ari Schwartz, Managing Director of Cybersecurity Services and Policy, Venable
Josephine Wolff, Associate Professor of Cybersecurity Policy, Fletcher School at Tufts University
Moderated by Michael Daniel, President & CEO, Cyber Threat Alliance