Personally we were idiots. We had very weak passwords that were used on multiple machines and there were rdp ports open. Simply blocking the rdp ports by ip and then moving to a VPN with no ports open was enough. Then we set a different admin on each computer with a unique random password. Imo this is how they break in. They just find the next idiot. We are not talking about investing in security. We are talking about companies that just completely ignore security. We are just talking about basic things.

I just don't get it. Don't pay them and they will go away. The best defense is good security practices along with regular backups. This is coming from someone who was attack. Use unique random passwords. Block sensitive ports especially rdp. Use a VPN. Regularly backup.

>I think bitcoin is a little secondary to this conversation. Someone could convert X dollars to bitcoin and it's hard to track, but just taking X dollars out of an account needs to be accounted for just as if someone took it out to cash.

The expense could easily be itemized as a security expense. Data recovery expense. If they really wanted to get creative then they could list it as any old expense like employee's party or who knows what else. If a receipt is a problem then they can just pay said employee a bonus and he could convert it. There are plenty of ways. If the payment is done in conventional ways then it can be stopped usually.

Yes that is what I am saying. The premise of any law is that it can be enforced. It's true that bitcoin wallets are public info and many of their owners are known. Yet the only real way to enforce is with blocking bank accounts and banning certain types of credit card vendors much like gambling houses do. The only way to enforce ransomware payments would then be whistleblowers. I got news for you. Unlike license violations where the company pressures it's workers to break the law and the employee has no benefit, in the case of ransomware payments the employees are usually at fault and will be in no hurry to have their name out there since they likely suggested to pay it in the first place to cover up their mistakes.

​

Another issue is the size of the transfer. I have never paid for ransomware (so I don't know the price) but if the ransom is say less than 10k USD then it can be hidden in such ways but if it gets to be more then really there will be no way to hide it. This is where terrorists get stuck imo. Of course terrorists already have their money in bitcoin so it's likely less of an issue.

I kind of think that this is irrelevant. I have been part of two ransomware attacks and in both cases the only way to pay was bitcoin. I strongly discourage any form of paying ransomware attackers but those that do pay will not be stopped by any law.