Chapter 4: Legal Considerations

In this chapter, we will discuss the legal consequences related to ransomware recovery and payments. No one wants to pay a ransomware extortion demand. Most, if not all, law enforcement agencies and many experts recommend not paying the ransom, as it only encourages future ransomware extortion events. Most, however, understand paying the ransom may be the best financial decision for a victim (organization) involved in a ransomware recovery event.

It's important to understand that not only paying a ransom but simply being involved in helping someone else recover from a ransomware event may create legal jeopardy in some countries or states, or with regulatory entities. Let me say that again: simply helping someone else recover from a ransomware event can result in legal consequences! Most people, if they know of the legal jeopardy issues surrounding ransomware, think the jeopardy applies only if you pay a ransom, but it also clearly applies to anyone helping to recover from a ransomware event where the victim is paying the ransom. More on this below.

Since most ransomware extortion payments are paid in bitcoin, it can be helpful to better understand ...
