Hacking: should you pay ransoms in cryptocurrencies?
Ask AI TO SUMMARIZE ThIS ARTICLE

The French government would like to make it possible for insurance companies to pay ransoms. A proposal that has given rise to much debate.

Your 2 free articles this month are up

The research your peers are already leveraging

The Big Whale gives financial institutions the market intelligence, network, and platform to move with confidence in digital assets. Trusted by 150+ firms.

A dozen computers crashed, thousands of files inaccessible... In early September, Cyril's Paris-based start-up suffered an attack that paralysed its entire business. Since then, to restore the system, the hackers have demanded payment of a ransom of "several tens of thousands of euros" payable in cryptocurrencies.

"We no longer have access to anything", explains the 35-year-old boss, who has turned to the police 👮🏽 , but does not know how to deal with the ransom. Should we pay? If so, how can cryptos be acquired? Who should pay? Do insurers cover the operation? Are there any special procedures?


The subject is all the more sensitive because Cyril is not an isolated case. In 2021, there were almost 2,000 requests for assistance from French companies for cases of ransomware, according to Cybermalveillance.gouv.fr, an assistance and prevention site for online risks. Around a hundred of these requests concerned cryptocurrency-based ransomware.

French police sources suggest that the number of attacks is actually much higher. "A lot of companies don't dare report themselves", confirms a source close to insurer Axa. And the phenomenon is said to be the same throughout Europe, with a global cost estimated at several billion euros, according to figures from cybersecurity firm ARS Solutions.

Paying the ransoms?

In an attempt to "help" these companies overwhelmed by events, the French government recently proposed introducing a new scheme that would authorise insurers to pay these new-style ransoms. The scheme set out in the Ministry of the Interior's Orientation and Programming Bill (LOPMI), presented to the Council of Ministers on 7 September, would affect all types of ransomware, even those based on cryptocurrencies.

As proposed by the French Treasury, which is attached to Bercy, the only condition for compensation would be that the company has lodged a complaint; and obviously that it is insured against cyber risk!"

This bill, which still has to be passed by the French Parliament (which could take several months), has caused a strong reaction in the insurance sector. "We're shooting ourselves in the foot and what's more, we're paying for the bullet", ironised one insurer.

How can we be sure that once paid the hackers will stop the attack?

When questioned, the vast majority of specialists, who do not wish to be quoted directly, explain that there is no certainty. "Most of the time when a company pays a ransom, the hackers don't bring the system back up to date. And if they do, they leave a bug", explains a good connoisseur of these subjects.

A study carried out in 2021 by Cybereason of just over 1,200 security professionals in several countries, including France, showed that 60% of French organisations that chose to pay the ransom were targeted in the following weeks.

The subject is all the more thorny because if this provision were set in stone in law, it could encourage hackers the world over to target French companies. No country has legislation providing for payment for ransomware. It's only on a case-by-case basis.

Traceability of cryptos

Some explain, however, that cryptocurrencies could also play a decisive role in getting hold of hackers. "If paying the ransom in crypto doesn't put an end to the hack, it could help track down those responsible," explains one French insurer.

The advantage of cryptocurrencies is in fact that they are... traceable. Put simply, it's like paying a ransom by marking banknotes. We could then analyse the flows and so trace the chain 🔍.

In the US, several hacker groups have been caught at their own game with cryptos. At the end of 2021, the attackers of the decentralised finance protocol Poly Network ($600 million stolen) were forced to return the funds after a traceability investigation into the blockchain highlighted their responsibility in the operation.

The most emblematic example is the Lazarus group, which has been carrying out hacks galore for years. In 2021 alone, it is said to have stolen more than a billion dollars, according to the American company Chainalysis, one of the reasons it was identified. The only problem: the group is North Korean, which rules out any police or legal proceedings to recover the money...

Format
Analysis
Grégory Raymond

Grégory Raymond is Head of Research and co-founder of The Big Whale. A specialist at the intersection of traditional finance and digital assets, he has been covering the regulatory, institutional and technological developments of the sector since 2017 for an audience of decision-makers: ,banks, asset managers and fintechs. He is also the author of Bitcoin & Cryptos: L'enjeu du siècle (Talent Éditions, 2025), a book built around interviews with key figures from the ecosystem.

See all articles ↗
Raphaël Bloch

Raphaël Bloch is CEO and co-founder of The Big Whale, an independent market intelligence platform on digital assets serving financial market participants through editorial coverage, research, a weekly briefing, and in-person events. He co-founded The Big Whale in April 2022. At the platform, he moderates and hosts institutional events bringing together banks, asset managers, custodians, and infrastructure providers on topics including staking, on-chain yield, stablecoins, DeFi lending, and tokenisation. He has moderated panels at events hosted in partnership with Bitwise, Everstake, Gemini, Morpho, Hexarq, Coinhouse, Delubac, Franklin Templeton, and the Ethereum Foundation, held in London and Paris between late 2025 and mid-2026.

Before founding The Big Whale, Bloch worked as a reporter at Les Echos from December 2016 to March 2020, then at L'Express from March 2020 to March 2022. He also previously worked at Reuters. Since September 2022, he has held a concurrent role as Business Analyst at BFM Business. He has been active in crypto journalism since 2016. He holds degrees from emlyon and the CFJ.

See all articles ↗
Subscribe to The Drop
The leading weekly briefing on digital assets for financial institutions: independent analysis, reports, benchmarks and exclusive events, delivered to your inbox.
Read by 30,000 professionals
November 12–13, 2026

The Geneva Summit

The Corporate Gateway: where the future of onchain finance is decided. 300 handpicked decision-makers. One shared mandate.
300
Decision-makers
2 days
Intensive program