Should Ransom Payments Be Banned

         

engine

9:59 am on May 20, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



There are many, many examples of ransomware attacks around the world, such as the most recent high profile event in the US of the oil pipeline shutting down [webmasterworld.com], and the attack on Ireland's health service systems. [webmasterworld.com]

There are calls for the banning of ransom payments. But, really, is that even workable?
Shouldn't it be made more difficult to receive such payments without an audit trail?
[bbc.co.uk...]

graeme_p

10:38 am on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yes.

Making it harder to receive payments is difficult because it would need huge regulatory changes and global cooperation and a lot of infrastructure. We have already had a lot of changes to prevent fraud and money laundering and they are expensive and time-consuming for innocent people (have you tried making a bank transfer to a new recipient through a UK bank lately?) while not being more than an inconvenience for criminals.

On the other hand we can enforce laws banning people from paying ransoms as they are typically organisations that do have systems to monitor where money goes anyway.

lammert

11:08 am on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



A ransom itself is not illegal. It is just a fee paid to mitigate an imminent threat. I operate services which--if I would retract them--would cause clients to suffer severely in their processes and maybe even cause their bankruptcy. They pay monthly fees to keep the services up and running. Is that payment a ransom? No, because both parties agreed to it. Do the clients feel they are held in a hostage position? I don't know, maybe. But I know that the situation sometimes eases negotiations.

The same with the recent ransomware attacks. The only unlawful action is the third party getting access to the computer systems. The payment itself is not illegal if both sides agree on it on a business level. And in some jurisdictions the agreement to pay may even invalidate the illegality of the act of getting computer access because the agreement is an implicit acceptance of the fact they were hacked.

JorgeV

12:25 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

while not being more than an inconvenience for criminals.

And here comes all the magic of Bitcoins ...

iamlost

12:35 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Making it illegal would simply make it go underground. As it stands it is one or both a matter of insurance and a matter of shareholder risk. And it is visible.

One little bit that seems to have passed folks by in the recent gas line episode is that it was immediately following the ransom payment that the crackers' funds were seized.

And that the company used their own backup ‘as faster’ than the received decryption. Paying distracted the crackers from further detrimental action while backups and hardening were in progress.

As with many things business insurance cost may well be the best lever to get folks to improve their systems security.

The war on ransom payments!
Ah, yes, let’s channel the war on drugs shall we? Let’s not.

graeme_p

12:38 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@lammert, there is a big difference between a commercial contract and a criminal act.

As for demanding the money not being a crime in itself, it sounds like extortion to me, which is a criminal offence in itself.

lammert

2:53 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Extortion where I live is only a criminal act if there is violence, or a threat of violence. They don't delete data, they just make it (temporarily) inaccessible. As long as the hackers pose as businessmen, the only laws which apply are laws about unauthorized access to digital information. They know the loopholes. That's why it is a flourishing business model currently.

NickMNS

3:18 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



And here comes all the magic of Bitcoins ...

Yes the magic of a block explorer that allows you to track exactly how transactions flow through the network. It is anonymous in the sense that there is no name directly linked to the wallet, but it is fully public in that every transaction ever made is visible to anybody who wants to make the effort to find it.

One little bit that seems to have passed folks by in the recent gas line episode is that it was immediately following the ransom payment that the crackers' funds were seized.

What wasn't clear was who seized the funds? (At least the last I heard/read) Was it the authorities (NSA, FBI) or was it someone in the criminal organization?

Here is a video showing how you can trace transactions:
[youtube.com...]

lucy24

4:17 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The subject header makes me think of one of the prime contenders for Dumbest Law Ever: making it illegal to pay ransom to kidnappers. (Such laws are actually on the books in some places.) It's based on the premise that X is a bad thing, so we'll outlaw X and then it will no longer happen.

When all else fails, punish the victim.

RhinoFish

8:28 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That's why it is a flourishing business model currently.


Could we instead say..
That's why it is a flourishing crime model currently.

iamlost

9:58 pm on May 20, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Now now.
Just because it’s a crime in the jurisdiction in which it occurred doesn’t mean that it’s necessarily a crime in the jurisdiction from which it was undertaken...

Rule number 1:
Receive a wink wink and a nudge nudge and an oral letter of marque and reprisal...

Rule number 2:
Never ever engage in the extortion and ransom of those flying the Cyrillic keyboard or resident in nations of same.

Rule number 3:
Never ever forget the payola.

Reach out and touch someone.
Ah what 60 years difference has wrought...

JorgeV

11:49 am on May 21, 2021 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

Yes the magic of a block explorer that allows you to track exactly how transactions flow through the network.

I was answering @graeme_p, who was reporting how it's becoming harder to use a bank account, so I do not understand the motivation of your comment.

graeme_p

1:26 pm on May 22, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Extortion where I live is only a criminal act if there is violence, or a threat of violence. They don't delete data, they just make it (temporarily) inaccessible.


Making it inaccessible may count as damage to property, enough to make it extortion where I live. If not it just gets classified as blackmail instead which has the same penalties.

I think you have a point about whether it is a crime in the jurisdiction it is done from, but the really big problem is uncooperative jurisdictions and those with poor law enforcement.

JorgeV

2:22 pm on May 22, 2021 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

When all else fails, punish the victim.

Indeed.

Marshall

12:45 pm on May 23, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Banning ransom payments and making them illegal boils down to this:
It is only illegal if you are caught.

graeme_p

12:59 pm on May 25, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@marshall that applies to anything. Murder is only illegal if you are caught.

JorgeV

9:58 pm on May 25, 2021 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

Depends on who is ordering the murdering ...