Should You Pay Ransomware Attackers to Save on Tax?

Some accountants are claiming that ransomware payments are tax-deductible. So, should you pay the attackers?
Written by
Published on June 23, 2021

Ransomware attacks are increasingly prevalent in 2021 and, with a number of high-profile attacks in recent months, you’d be forgiven for thinking that these attacks are simply the cost of doing business nowadays.

When you get locked out of your computer by a ransomware attacker, you feel hopeless — but, of course, that’s the point. However, some creative accountants are claiming that businesses can actually use ransom payments to lessen their tax bills. And, with the average data breach costing more than $3.5 million, paying a ransomware demand could be a lucrative tax-deductible.

But is this actually a good idea? Or is it a poorly thought-out attempt to make the best of a bad situation?

Can You Lower Your Business’ Tax Bill by Paying a Ransomware Demand?

In the US, businesses can claim money stolen by extortion — such as paying a ransom — back on their tax demands. In the eyes of some accountants, this could provide a silver lining for affected businesses.

In fact, the IRS in Revenue Ruling 72-112 stated that ransom payments qualify as a theft loss deduction as long as the extortion was illegal in the state where it occurred. However, any costs that are covered by insurance are, sadly, not deductible. Of course, the amount that can be deducted from a business’ tax bill depends on the size of the ransom, the business’ earnings, and a host of other factors.

If you’re an individual taxpayer, however, ransom payments are not tax-deductible. In fact, according to IRC Section 165(c), taxpayers can only deduct the cost of non-business-related data breaches if the loss arose from a casualty such as a fire, storm, shipwreck, or theft. What’s more, when Congress passed the Tax Cuts and Jobs Act 2017, they stated that casualty losses can only be considered deductible if they are attributable to a federally declared disaster. So, in short, never.

Should you Pay a Ransom Demand?

Absolutely not — while it might seem to be the only way out for businesses or individuals, paying the ransom is no guarantee of a return to normality, tax savings or not.

“The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom,” the FBI says. “Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved. While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

In fact, ransomware attackers have become so emboldened that, according to BitDefender, the number of attacks jumped by 715% in 2020 — yes, 715%. Ransomware attacks now make up more than 80% of all financially motivated cyber attacks.

Ransomware attacks have become so lucrative that some attackers function more like companies than lone hackers or criminal gangs. The DarkSide gang which shut down the Colonial Pipeline last month reportedly operates using a “ransomware as a service” business model. DarkSide, rather than carrying out the attacks itself, develop the software needed to carry out an attack and then sells that software to third parties to do the dirty work.

Can You Stop a Ransomware Attack?

Yes, and you’d be surprised how easily ransomware attacks can be prevented — for businesses and regular people alike.

VPNs, for example, can hide personal and business data from the prying eyes of ransomware attackers. By routing your traffic through secure servers, you essentially become anonymous online — making it all but impossible for attackers to work out where the traffic is coming from and, as a result, who they should target.

Perimeter81, for example, is a great choice for businesses looking to secure their data. It operates a zero-trust model which mandates that anything inside or outside of your organization’s perimeters has to verify before connecting to the network — giving you complete control of all your data. What’s more, Perimeter 81’s pricing starts from just $8 per month, per user — significantly less than the cost of any data breach or ransom payment.

For individuals, we would recommend NordVPN to protect against ransomware attacks.  You’ll be able to route your data through more than 5,000 servers around the world without impacting your internet speeds too much. What’s more, NordVPN is cheap, and you can get started from just $3.71 per month.

0 out of 0
Price From
Lowest price for single month subscription to cheapest paid tier. Other plans are available.
Verdict
No. of Devices
Zero Data Logging
Kill Switch
Email Support
Live Chat
Free Trial
Try
Click to find the latest offers, deals and discounts from the VPN provider

NordVPN

IPVanish

PureVPN

Private Internet Access

TorGuard

Windscribe

Proton VPN

CyberGhost

ExpressVPN

$2.99/month
Up to 67% off!

$2.99/month

$2.11/month

$1.63/month

$9.99/month

$3.00/month min. ($1 per location)

~$4.87 per month

$2.19/month

$8.32/month

Super fast and easy to use, NordVPN is among the best we’ve tested. Advanced features like Onion-Over-VPN make it stand out from the crowd.

A fast VPN that performed well on our speed tests, and also owns a lot of its own server infrastructure.

A safe, simple, outstanding VPN, with thousands of servers dotted across almost 70 different countries.

Affordably priced ultra-secure VPN that has great privacy features but is a little slow.

A reliable, widely-used VPN that has decent privacy controls, but it performed very poorly on our speed tests.

A decently-priced VPN that does all the basics well, but has an incredibly small server network compared to PureVPN and Co.

A decent option for seasoned torrenters, but a little pricier than PureVPN and Private Internet Access.

A user-friendly VPN based in Romania with servers optimized for streaming, but no obfuscation technology.

A highly reliable VPN with servers in more than 100 countries – but it comes with one of the heftiest price tags on the market.

6

Unlimited

5

Unlimited

8-12

Unlimited

10

7

5

30-day money-back guarantee

Yes (iOS and Android)

30-day money-back guarantee
See Deals See Deals See Deals See Deals See Deals See Deals See Deals See Deals See Deals
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Tags
Written by:
Tom Fogden is a writer for Tech.co with a range of experience in the world of tech publishing. Tom covers everything from cybersecurity, to social media, website builders, and point of sale software when he's not reviewing the latest phones.
Explore More See all news
  • Ring Users Net $5.6M in Privacy Breach Settlement, Redeem Today

    Did you have an indoor Ring camera or similar Ring device?...

    Adam Rowe -
  • Tech Companies That Will Pay Off Your Student Loan Debt for You

    These businesses are committed to alleviating the stress of...

    Conor Cawley -
  • FTC Says ‘Work For Whoever You Want’ in New Ruling

    The ruling applies to the majority of employees across the...

    Conor Cawley -
  • These Companies Give Their Employees Free Mental Health Days

    Here's a round-up of companies that let you take a day off...

    Isobel O'Sullivan -
Back to top
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free