Will there be a legal ban to pay Ransomware?

MSSPAlert.com reported that “While the Cybersecurity & Infrastructure Security Agency (CISA) has come out against paying ransoms, the director of the organization stopped short of saying that the government should ban such payments.” The July 9, 2024 article entitled “CISA Advises Against Paying Ransom, But Rules Out a Ban” (https://tinyurl.com/bded2hsy) included these comments:

CISA Director Jen Easterly recently made her position on ransomware payments known at the Oxford Cyber Forum, as reported by Security Intelligence. However, Easterly didn’t go so far as calling for a ban on paying ransomware demands.

“I think within our system in the U.S. — just from a practical perspective — I don’t see it happening,” she said.

Backing up that assertion, the Ransomware Task Force for the Institute for Security and Technology does not support a ban on paying ransom, according to Security Intelligence. The task force reasoned that small businesses typically cannot withstand a lengthy business disruption and might go out of business after a ransomware attack, and this could disrupt the wider response to ransomware threats.

What do you think about this?