Our Events

View the Institute for Security and Technology's upcoming and past events.

To Pay A Ransom: Costs and Ethics of Paying Ransomware Demands

August 25, 2021 at 8:30 am PT

When Colonial Pipeline’s systems were hacked, the company decided to pay a ransom of $4.4 million in exchange for a decryption tool to restore their network. The Colonial Pipeline Company is one of many ransomware victims who have chosen to pay ransom demands; in 2020, per Chainalysis, targets of attacks paid an estimated $350 million, up 311% from the previous year. 

While some argue that paying ransom only encourages further criminal activity and boosts the profit incentive, others contend that in the moment, payment may be the only way to avoid costly disruptions to business, the shutdown of essential services, or the release of sensitive information. This event will explore the debate on payment of ransoms. Should paying ransoms be prohibited entirely? When faced with an attack, what should victims do? What considerations should victims of ransom attacks weigh when deciding whether or not to pay? And lastly, what should the private sector and government do in order to disrupt the “ransomware as a service” business model? 

Jen Ellis, Vice President of Community and Public Affairs, Rapid7

Ari Schwartz, Managing Director of Cybersecurity Services and Policy, Venable

Josephine Wolff, Associate Professor of Cybersecurity Policy, Fletcher School at Tufts University 

Moderated by Michael Daniel, President & CEO, Cyber Threat Alliance

This one-hour live virtual event and Q&A took place on Wednesday, August 25 at 8:30 am PT / 10:30 am CT / 11:30 am ET. This event was open to the public. 

Check Out IST’s Previous Events