> Does anyone believe that if registering the DNS address had bricked the NHS systems, the NCSC would've taken the fall?
Since you seem to take the possibility seriously, what benefit would the authors of ransomware derive from that? Some sort of game theoretic red-wire to slow down forensics?
Anti-tampering mechanisms on C2 systems, using the data/computer as a hostage. You're not trying to slow down analysis, you're creating a consequence for tampering with DNS C2 records.
I think malware authors derive a game theoretic advantage by having tampering with DNS C2 systems result in data loss, because a non-trivial portion of people will prefer to pay and retrieve their data. Some of the frustration from that will be pointed at the people who actually tripped the switch.
Further, because of the current legal status, if a security researcher, not the malware authors, issues the command to the DNS C2 system that deletes the data (by messing with the DNS records), they're quite possibly liable for the data loss, going to face hacking charges, etc. (Hacking charges because they knowingly issued commands to malware that gave them unauthorized access to computer systems.)
I don't believe that security researchers should be the ones making that call -- I think the only sane way to make it is through collective mechanisms like government.
Read my other comments for a more nuanced view discussing how it would play out in the real world, with changes relegated to particular networks and trade groups making deals for systems under their control.
But the only groups that should be able to authorize decisions about other people's things (free of liability or possible prosecution) are groups under collective control, i.e. governments.