The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people.
For paying both US and EU deem it illegal. In US it seems to apply to all businesses, in EU they have a list of “essential services”. EU can impose fines, US seems to discourage it, but only a few states adopted a law that allows imposing fines over certain amount paid.
Paying can be part of doing business especially if the data is related to the business itself and not customer data (most businesses don’t care about customer data). Hacker groups rely on their reputation so they are likely to not leak if they are paid the ransom. If they would to lose that reputation by leaking the data even after they got paid nobody would pay anymore and their attacks would stop being effective.
For paying both US and EU deem it illegal. In US it seems to apply to all businesses, in EU they have a list of “essential services”. EU can impose fines, US seems to discourage it, but only a few states adopted a law that allows imposing fines over certain amount paid.
Paying can be part of doing business especially if the data is related to the business itself and not customer data (most businesses don’t care about customer data). Hacker groups rely on their reputation so they are likely to not leak if they are paid the ransom. If they would to lose that reputation by leaking the data even after they got paid nobody would pay anymore and their attacks would stop being effective.