> considering the order of magnitude of place that do not receive a ransom compared to places that get ransomed, the cost is probably on the security side.
And if ransoming is profitable, what does that do to the market? Does it a) inhibit more ransoming or b) encourage more ransoming?
> but you apparently define due diligence as "not getting cracked,"
Don't misrepresent me - here's what I actually said: "The process of potentially hammering them legally would involve them being taken to court where their level of culpability would be decided (and it may be they did do enough so get let off..."
An alternative is that by working together with law enforcement you can use the interactions with the criminals (together with tracking the money) to better understand the criminal organizations.
How is this different from making it illegal to give your wallet to a thief at gunpoint?
(obviously here there is the difference of personal harming which correctly resides at a different level; at the same time the stance of non-negotiation with terrorist organization was also justifiable in my opinion.
If what we can agree on is that you must way for the permission of law enforcement before you pay ransom so that they can reasonably confirm you are not inadvertently funding ISIS and also put in place all available precautions that is already a step forward.
Nobody think that paying ransom is a good thing that should be done as soon as possible. At the same time not everything is a nail.)
And if ransoming is profitable, what does that do to the market? Does it a) inhibit more ransoming or b) encourage more ransoming?
> but you apparently define due diligence as "not getting cracked,"
Don't misrepresent me - here's what I actually said: "The process of potentially hammering them legally would involve them being taken to court where their level of culpability would be decided (and it may be they did do enough so get let off..."
So they can be let off. It says clearly.