When I was working with my friend and digital forensics expert, Professor Darren Hayes, on preparing an instructor-led, virtual ransomware training course several months ago, I noticed that the threat landscape and number of such attacks wasn’t just changing and increasing,[1] but that the discussion about whether paying a ransom after such an attack was legal or not was evolving.
The answer of whether you can pay or ransom or not depends on an emerging body of law and guidance. Let’s take a quick peek and see what is going on here.