In a few of my previous articles I've railed against the idea of paying off ransomware criminals. As far as I can see, it rewards them for their criminal exploits and funds further ransomware attacks. I still struggle to believe it's legal.
But not only is it legal, you can also get insurance against ransomware attacks and the Association of British Insurers (ABI) has recently been defending such policies.
The ABI said that firms could face financial ruin without such insurance. That may be true, but it stinks of hypocrisy when so many insurance companies refused to pay firms who had insurance against Covid. Those firms faced financial ruin too.
It does not look as if governments are going to legislate against paying off ransomware attackers. I do however think it will eventually become less common because the insurance policies will eventually end.
Insurance companies offer such policies now because it is profitable for them do so, but the insurance companies are helping perpetuate the crimes and there will therefore be more of them occurring. This will result in more claims until we get the point where it's no longer profitable for insurance companies to offer such policies.
I expect they'll suddenly discover they have a different moral stance on the issue when that happens.