Earlier this year, the former CEO of the UK National Cyber Security Centre (NCSC), Ciaran Martin, spoke on the ransomware issue, arguing that it is being fuelled because there is no legal barrier to ransomware victims paying and then claiming back the expense on insurance. He argues that this means victims are incentivized to pay and believes that the time has come to look at changing the law on insurance to ban ransomware payments. This debate is likely to continue to divide opinion, but there is no doubt that paying ransoms is a fundamental reason why ransomware has increased in recent years. Whatever decision is made, it is certainly worth evaluating the implications of criminalizing payments, and weighing up the pros and cons.
Source: The Case For and Against Criminalizing Ransomware – Infosecurity Magazine