Here’s why paying ransomware hackers might actually not be that bad

Insurance and tax breaks could encourage victims to pay attackers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Even as the FBI is actively discouragingransomwarevictims to not pay cyber tormentors, the US government may indirectly be incentivizing the payments by treating them astaxdeductible.

Several tax lawyers and accountantstold the Associated Pressthat while the US’ Internal Revenue Service (IRS) doesn’t have separate guidance on ransomware, victims can claim these as “ordinary and necessary” business expenses.

“I would counsel a client to take a deduction for it,” a corporate tax attorney with Alston & Bird, Scott Harty, told the Associated Press.

Don Williamson, a tax professor at the Kogod School of Business at American University, wrote a paper about the tax consequences of ransomware payments in 2017, and agrees that thegrowing number of ransomware attackshave indeed helped businesses claim the payments as ordinary business expenses.

Not a solution

FBI Director Christopher Wray recently testified before Congress, reaffirming the agency’s position that businesses should not give in to the demands of their attackers.

Despite this, Neustar recently discovered that over half of attacked businesses wouldsimply pay their attackersand regain control of their networks, instead of prolonging the downtime, which could have a detrimental effect down the supply chain depending on the nature of their business.

Furthermore, in addition to the guidance from law enforcement agencies, a section ofcybersecurityexperts have long discouraged the payments, arguing that these only embolden the criminals and lead to more ransomware attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This was underlined by a recent Cybereason survey, which revealed that over 80% of victims who pay aransom are targeted again- often by the same ransomware operators.

But the tax deduction now emerges as another incentive, which although not very well-known, nor regularly exercised, indirectly neutralizes the guidance and recommendations of law enforcement agencies and security experts.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

ICYMI: the week’s 7 biggest tech stories from Kindle Colorsoft yellowing woes to our PS5 Pro review