Ransomware is becoming legitimized through acceptance of business risk. When accountants rationalize paying the ransom as a cost of doing business, it makes the act of providing the ransomware a security service. Just like any service, ransomware providers can be negotiated on price. Furthermore, we already have a set of laws that provide punishment for the consequences of ransomware. Legitimizing ransomware and making it a service can provide an economic benefit by allowing for the taxing of the recipients on top of the tax benefits the accountants have made by writing this off as a business expense.
Decriminalization of Ransomware
Before joining the University of Illinois Information Trust Institute (ITI) in 2011, Edmond Rogers was actively involved as an industry participant in many research activities in ITI’s TCIPG Center, including work on CyPSA Cyber Physical Situational Awareness, NetAPT (the Network Access Policy Tool) and LZFuzz (Proprietary Protocol Fuzzing). Rogers also has developed and delivers customized training on ICS defense at the TCIPG Summer School and to utilities directly. Rogers leverages his wealth of experience to assist ITI researchers in creating laboratory conditions that closely reflect real-world configurations. Rogers has spoken across the world regarding defense of critical infrastructure at conferences such as, Bsides London, H2HC, Blackhat, Defcon, BsidesLV, Troopers, BerlinSides and he is currently the president of Hackito Ergo Sum.