Arthur T Knackerbracket has found the following story:
The FBI is easing up a bit on its hardline stance against paying ransomware demands.
The Bureau has posted an updated version of the guidance it offers for companies on how to handle ransomware demands with a section discussing the option of paying the hackers to get data decrypted.
In short, the FBI still says that companies should not cave to hacker demands and pay to have their data unlocked, but the bureau acknowledges that paying is an option.
"Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals," the FBI's guidance reads.
"However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers."
[...] In other words; it's not advisable to pay ransomware demands, but you won't get in any trouble if you do.
(Score: 1, Interesting) by Anonymous Coward on Saturday October 05 2019, @09:55PM
Paying a ransom is, generally, legal. However, you can be charged with a crime under a couple of related charges. For example, if you pay for a ransom to someone you know is an enemy of the state, a recognized terrorist organization, "axis of evil," or certain other recipients along those lines, you can be charged with those crimes. In addition, reliance on the FBI would not get you off the hook for those crimes directly, as it wouldn't negate the mens rea, but instead go to the attendant circumstances through specific intent.
I think the real reason for the softening of the language is because the FBI saying "don't do something" naturally leads to the idea that it is illegal, not that it is a bad idea for other reasons.