War-gaming this, what if it were legal to pay out bounties with the ransom amount as a war-chest to collect scalps of hacking groups, or damage their reputation or operation in some way?
This tit for tat type response would seem to be more consistent with how governments respond to terrorism, so I'm assuming it would be better to deter future hacks.
Attribution is easily deflected. You really don't want to recruit mercenary vigilantes to respond to a false flag operation.
> This tit for tat type response would seem to be more consistent with how governments respond to terrorism
Lol. Not a selling point these days.
The US has always had a very strange policy of criminalizing hacking, regardless of intent.
Places like Russia and Israel look the other way as long as the target is foreign, and we outsource our own phone forensics to the latter (Cellebrite). Thus, Israel has a better understanding of our own vulnerabilities than we do.
So you never know who you're up against given some ambiguous heuristics. As retribution, you might end up inadvertently attacking an "ally." It's safest to keep us disadvantaged.
This tit for tat type response would seem to be more consistent with how governments respond to terrorism, so I'm assuming it would be better to deter future hacks.