I remember LaBrea. The original author almost abandoned the project, citing potential legal action against him because the nature of LaBrea goes against certain provisions of the Federal Wiretap Act, namely:
Any person who intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication…intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection; intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection…
Basically, LaBrea does exactly that: intercepts electronic communication. How that actually would play out in the courts is another matter, as TechRepublic's John McCormick pointed out back in 2003:
You probably think that this is a really stupid idea—the concept that you could be violating the law merely by monitoring what a trespasser does on a system you own. But that’s just your common sense speaking, and any lawyer will tell you that the law has little or nothing to do with common sense.
I think the honeypot concept mouser is talking about involves more of a "mousetrap" aspect; an application places a special file or fake network connection that looks (to a ransomware program) like something it would want to access and modify, but is in fact actively monitored by said 'honeypot' application such that when the file or network is accessed, the process doing the access is immediately targeted and shut down. Sounds like a good idea to me; how to implement? Beyond me.
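The detection half of the "mousetrap" idea above, as an added example that is not part of the original post or any existing tool: decoy files are planted, their hashes recorded, and any later rewrite, rename or deletion raises an alert. The file names, contents and function names are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed decoy names (assumption): chosen to sort first and last in a listing.
DECOY_NAMES = ("000_budget.xlsx", "zzz_passwords.docx")
DECOY_BODY = b"decoy contents, no real data\n" * 32


def plant_decoys(directory, names=DECOY_NAMES):
    """Create the decoy files and return a baseline {Path: sha256 hex digest}."""
    baseline = {}
    for name in names:
        path = Path(directory) / name
        path.write_bytes(DECOY_BODY)
        baseline[path] = hashlib.sha256(DECOY_BODY).hexdigest()
    return baseline


def check_decoys(baseline):
    """Compare decoys with the baseline; return a list of (name, event, detail)."""
    alerts = []
    for path, digest in baseline.items():
        if path.exists():
            if hashlib.sha256(path.read_bytes()).hexdigest() != digest:
                alerts.append((path.name, "modified", ""))
            continue
        # Decoy is gone: look for a sibling that kept the name but gained a suffix,
        # the pattern left when a file is rewritten under a new extension.
        renamed = sorted(p.name for p in path.parent.glob(path.name + "*"))
        if renamed:
            alerts.append((path.name, "renamed", renamed[0]))
        else:
            alerts.append((path.name, "missing", ""))
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        baseline = plant_decoys(workdir)
        first, last = baseline  # two decoys, in planting order
        first.write_bytes(b"\x00" * 16)                   # simulated in-place rewrite
        last.rename(last.with_name(last.name + ".bak"))   # simulated rename
        for alert in check_decoys(baseline):
            print("ALERT", alert)
```

Polling like this only shows that a decoy was touched. Attributing the access to a process and stopping it, as the post describes, needs an OS-level file-access hook and is outside this sketch.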