The Colonial Pipeline ransomware attack has brought to the foreground a problem that has long been simmering in our online, interdependent economic system. An entire economic ecosystem has evolved around ransomware. Private companies buy insurance and pass the cost on to consumers. When attacked, they use their insurance money to pay off the underworld heisters. This vicious cycle will keep growing until Congress passes a law forbidding any private company from paying ransomware demands. Congress needs to act quickly to protect our infrastructure and our economy. The Colonial incident is a shot across our country’s bow. We are lucky it wasn’t worse. It shows how brazen the thieves have become. It will not stop until Congress acts.
Ransomware exists because the software thieves know that private companies would rather pay a small amount than deal with a computer meltdown. Most large companies already have ransomware insurance, which makes the decision even easier. The cost gets passed on to consumers, creating a huge drag on our economy. If paying ransomware demands were illegal, then the hackers would have no potential reward and this extortion game would collapse like a house of cards.
It will take some time for the ransomware thieves to realize that no more ransom will be coming from the United States. Congress should create a special fund to reimburse companies that are victims of ransomware during the interim period. But the important point is this: None of this money would go to the thieves. Eventually, ransomware would disappear. Whatever payments Congress would have to make to reimburse companies would be a fraction of the drag, paid by consumers, that ransomware is currently creating on our economy.