Once the well is sufficiently poisoned, no victim has an incentive to participate. They don't know if they're paying a defector or a cooperator.
No state can take this action. Any hero who does so will be prosecuted. But if they /dev/null their bitcoin address private key, they can rest easy that what they did was purely selfless.
Now it only costs the victim $10 to pick a random section and buy its key. If that works they can pick another and buy its key, and so on until they are confident the seller can be trusted and they can then buy the remaining keys.
Perhaps it is sufficient to simply ransomware the data in the first place and then refuse to give it back. Any measure that makes the victim immune to that will make them immune to the true ransomware folks as well.
It's usually ~$1000 per machine. Sometimes more for machines with big disks or depending on which active directory groups they're in.
That tells you that UCSF paid for data recovery on 1000+ machines probably...
That way, they could build up a sort of "reputation".
Isn’t a simpler solution insurance? The insurance company becomes a specialist in pricing and reducing this risk. And the malware writers become, in effect, ersatz pen testers.
Like a ban, you’re reducing the incidence rate. Unlike the ban, you’re extracting a public good from the ransomware's work in the form of better infosec.
I think the bright spot of the ban would be that if it was legally enforced then all hackers would see this and quickly realize it wasn't worth the risk.
(Not sure if I'm for this 100% - but I think it is worth considering)
Interesting point. If this kind of insurance became widespread, that would be great news for the attackers.
It's mostly because there aren't a lot of good measurements for assessing how likely a company is to get hacked / hit by RW (I'm not a believer in infosec through Q&A / self-assessment).
These are of course growing pains and especially for SMB some form of insurance + cybersecurity tooling basics will be the dominating approach to managing cyber risk.
How does buying an insurance policy reduce the incidence of ransomware?
I realize the perps say they just encrypted it, but if someone has root access to your computer, they can do whatever the hell they please.
Now, it might be good to insist on a rigorous chain of custody or you'll reject the results, in order to better incentivize security. That's an approach that has parallels in criminal justice: in the US it's (in theory) not good enough for a cop to produce incontrovertible evidence you committed a certain crime, he also has to have come by that evidence lawfully. But if it was going to save my life, I'd rather see a new drug approved in a timely manner rather than get held back on a technicality.
More generally, I'm happy to presume (as long as the data is password-protected, say) that scientific data that hasn't obviously been vandalized is trustworthy. However, in this case we have positive evidence of tampering, and therefore a good reason to be skeptical.
What is the total cost in terms of down-time, failing audits, disclosing to customers and employees that control of their data has been lost? Would that loss be greater than a backup solution? Has it become taboo in 2020 to do backups that can't be tainted by attackers or dodgy automation? It was not a problem 20 years ago. What changed?
If it's cost, even a low end gluster cluster or Ceph with an archive read-only share that has rsnapshot diffs for 5 days would mitigate this, assuming you know within 2 or 3 days to sound the alarm. Rsnapshot would run on the server. People would just see multiple folders with the last 5 days of changes. The snapshots would not be writable by employees or malware. To further reduce cost, perhaps de-duplicate data with ZFS or VDO. Everything mentioned here is open source and has multiple enterprise supported options that your engineering and IT staff are likely already aware of. If not, there are plenty of documents on integrating gluster into active directory.
 - https://www.gluster.org/community/
 - https://github.com/rsnapshot/rsnapshot
 - https://blog.delouw.ch/2018/12/17/using-data-deduplication-a...
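The snapshot scheme described in the comment above, as an added example that is not code from the thread or from the rsnapshot project: five rotating daily snapshots (KEEP=5, the value from the comment), each new one a hardlink copy of the previous one so unchanged files cost no extra space, with the write bits stripped from every snapshot directory so an ordinary user, or malware running as one, cannot delete or replace what is in them. rsnapshot does the copy step with rsync; the small portable shell sync here stands in for it. The share contents, file names and the `daily.N` layout are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread or the rsnapshot project.
# rsnapshot-style rotation of KEEP daily snapshots: each run hardlinks the
# previous snapshot (cp -al) so unchanged files take no extra space, then
# syncs the live share into daily.0 and strips the write bits from every
# snapshot directory so its entries cannot be deleted or replaced by an
# ordinary user, or by malware running as one. rsnapshot does the sync
# with rsync; the portable shell sync below stands in for it here.
# Assumed layout: SNAP_ROOT/daily.0 (newest) .. daily.$((KEEP-1)) (oldest).
set -eu

KEEP=5   # days of history retained, as in the comment above

# sync_tree SRC DST : mirror SRC into DST; a changed file is unlinked before
# it is copied so the inode shared with the previous snapshot keeps the old
# bytes (rsync does the same by writing a temp file and renaming it)
sync_tree() {
  src=$1; dst=$2
  mkdir -p "$dst"
  ( cd "$src" && find . -type d ) | while IFS= read -r d; do mkdir -p "$dst/$d"; done
  ( cd "$src" && find . -type f ) | while IFS= read -r f; do
    if ! cmp -s "$src/$f" "$dst/$f"; then
      rm -f "$dst/$f"
      cp -p "$src/$f" "$dst/$f"
    fi
  done
  ( cd "$dst" && find . -type f ) | while IFS= read -r f; do   # like rsync --delete
    [ -e "$src/$f" ] || rm -f "$dst/$f"
  done
}

freeze() { find "$1" -type d -exec chmod a-w {} +; }   # no unlink/rename inside
thaw()   { find "$1" -type d -exec chmod u+w {} +; }   # backup job may write again

# take_snapshot SRC SNAP_ROOT : expire the oldest snapshot, shift the rest,
# hardlink-copy daily.0 to daily.1, then bring daily.0 up to date
take_snapshot() {
  src=$1; root=$2
  mkdir -p "$root"
  oldest="$root/daily.$((KEEP - 1))"
  if [ -d "$oldest" ]; then thaw "$oldest"; rm -rf "$oldest"; fi
  i=$((KEEP - 2))
  while [ "$i" -ge 1 ]; do
    if [ -d "$root/daily.$i" ]; then mv "$root/daily.$i" "$root/daily.$((i + 1))"; fi
    i=$((i - 1))
  done
  if [ -d "$root/daily.0" ]; then
    thaw "$root/daily.0"
    cp -al "$root/daily.0" "$root/daily.1"   # hardlink copy: no data duplicated
    freeze "$root/daily.1"
  fi
  sync_tree "$src" "$root/daily.0"
  freeze "$root/daily.0"
}

link_count() { ls -ld "$1" | awk '{print $2}'; }   # 2 = shared with one other snapshot

# snapshot_is_frozen SNAP_ROOT N : succeeds if a file in daily.N survives rm
snapshot_is_frozen() {
  if rm -f "$1/daily.$2/finance/report.txt" 2>/dev/null; then return 1; fi
  [ -e "$1/daily.$2/finance/report.txt" ]
}

# run_demo : constructed scratch share, two snapshots around a simulated
# overwrite of the live data; leaves DEMO_WORK, DEMO_SRC and DEMO_ROOT set
run_demo() {
  DEMO_WORK=$(mktemp -d)
  DEMO_SRC="$DEMO_WORK/share"; DEMO_ROOT="$DEMO_WORK/snapshots"
  mkdir -p "$DEMO_SRC/finance"
  printf 'leave policy\n' > "$DEMO_SRC/finance/policy.txt"
  printf 'Q3 results\n'   > "$DEMO_SRC/finance/report.txt"
  take_snapshot "$DEMO_SRC" "$DEMO_ROOT"                     # day 1
  printf 'overwritten\n'  > "$DEMO_SRC/finance/report.txt"   # day 2: live copy damaged
  take_snapshot "$DEMO_SRC" "$DEMO_ROOT"
}

cleanup_demo() { thaw "$DEMO_WORK"; rm -rf "$DEMO_WORK"; }

run_demo
printf 'daily.0 report: %s\n' "$(cat "$DEMO_ROOT/daily.0/finance/report.txt")"
printf 'daily.1 report: %s\n' "$(cat "$DEMO_ROOT/daily.1/finance/report.txt")"
printf 'policy.txt link count: %s\n' "$(link_count "$DEMO_ROOT/daily.0/finance/policy.txt")"
cleanup_demo
```

After the second run, `daily.0` holds the damaged file while `daily.1` still has the day-one bytes, and the unchanged `policy.txt` shows a link count of 2 because both snapshots point at one inode. The directory-permission freeze only binds unprivileged accounts; a process running as root walks straight through it, which is why the snapshot root should belong to a dedicated backup account and be handed to employees only through a read-only share, as the comment suggests.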
An administrator told me the payout was something like $20M. (It was a very large hospital system.)