Ransomware
Ciaran Martin, the founding CEO of the UK's NCSC, famously opined last year in national news that ransom payments should be banned, with the resulting debate quickly reaching fever pitch. He argued that many of the arguments against the ban were "terrible," closing the short piece by saying simply: "We have to find a way of making a ransom payments ban work." Opponents argue that a ban would bring various unintended negative consequences that would worsen the way ransomware is handled. Arguments include victims possibly pursuing other illicit means to compensate ransomware operators or recover their data, which in turn may discourage their engagement with law enforcement. The standpoint is one that's adopted even at the highest levels, such as the Institute for Security and Technology's Ransomware Task Force. One of the co-chairs on that task force, security expert Jen Ellis, said in an online debate on the matter, hosted by the Royal United Services Institute (RUSI) last year, that the idea that policymakers can simply force organizations to become resilient to ransomware is "great" but "completely disconnected from reality."... Ellis and Jamie McColl, research fellow at RUSI, both also pointed out that, at the time, a small number of US states had banned government departments from paying ransoms with little to no impact on attack frequency.