Nobody likes to be held hostage. I get it. I do. But when it comes to ransomware I’ve said from the beginning – and now others are starting to say it to – this is not personal: its just business.
Find me someone who says “Don’t pay the ransom! Never pay the ransom!” and I’ll show you someone whose never been infected with ransomware and doesn’t have the fate of their business – and everyone who works for them – hanging in the balance. City administrations like Atlanta and Baltimore can take the high ground because its not their money. They’re civil servants who will have a job whether a ransom is paid or not. Hell, they’ll probably get bigger budgets and increase the size of their fiefdoms because of it.
The ransomware market already exists, just like armed robbery exists. No one says strike your best Bruce Lee pose when accosted by a mugger: that’s a great way to get shot. No, you hand over your wallet and live to file a police report. Trying to bring morals into the mix is a great way to make victims feel bad about being victimized. Drawing parallels between “we don’t negotiate with terrorists” falls apart when you realize that that’s a position only a nation-state can hold.