May 21, 2021

CNA Financial, one of the US’s largest insurance companies, paid $40M to a ransomware extortion gang in March 2021

(Link for those paywalled by Bloomberg: $40-million-cyber-ransom,-Bloomberg-reports)

**It’s time for a law against ransom payments.**

This is a public-goods problem — individual companies find it economically attractive to pay ransom, which imposes externalities (greater risk of being extorted, because this encourages extortion) on others.

Executives sit in a room and say “we’ll lose $xM in business if we’re down for a week, it’s cheaper to pay”. That’s the same logic as dumping toxic waste, i.e. an individual company finding it economically beneficial to pollute the river behind its factory, imposing externalities (dirty water, etc.) on others.

The solution is to make laws against polluting, and likewise against paying extortionists.



I agree, precisely this makes ransomware attacks so tempting. Hit a few big companies, one pays, you are set for years of no need to work… 40m USD equals an extremely comfortable life in some Eastern European country…
