- David French, The National Review
Recent headlines make clear the threat posed by cyber criminals, especially those that deploy so-called ransomware. Although federal law enforcement has urged victims to report cyber incidents and generally recommends that victims not give in to a ransom demand unless all other options are exhausted, a recent report by IBM Security found that 70 percent of businesses infected have paid ransom.
The ransomware epidemic highlights a potential asymmetry of interests between cybercrime victims and law enforcement. The chief concern of a victim of a ransomware attack may be to regain access to business data and systems, even if paying the ransom funds the perpetrator and potentially leads to further attacks. Meanwhile, law enforcement has only a limited ability to assist a victim in incident response. How can cybercrime victims and law enforcement better work together to better protect victim interests and better advance law enforcement's work?