BLOG: Should Organisations Pay Ransom Demands?

A popular debate is quite often, “should organisations pay the ransom demands of hackers?”, but despite the scepticism, many organisations do. One example is the Riviera Beach City Council which was at the frontline of a vicious cyberattack in 2019, they were forced to vote and ultimately it was a unanimous decision to pay the demands of the hackers. They were under the belief that this was the only option if there was any way of retrieving its records, which the hackers encrypted. They agreed to pay $600,000 ransom to hackers who took over its computer system.

Statistics for organisations and companies that pay are often hard to obtain due to the fact that many victims of these cyberattacks do not report nor disclose the incidents. Given that ransomware attacks typically involve denying the availability of data or systems, notification responsibilities relating to a ransomware attack do not neatly align with other cybersecurity-related notification obligations and triggers.

Companies are often faced with the tough decision of whether it is the best option to pay the ransom or exploring other recovery methods such as backups. Regrettably, many hackers and types of ransomware may leave organisations with the only option of paying the ransom to recover their files. If paying the ransom is the only option for data restoration of a company should seek out a ransomware recovery service.

Paying the ransom as a ransomware victim means that the organisations will be exchanging digital currency to have your files unlocked. Businesses that choose to pay the ransom are doing so because they need a decryption key. It is imperative that organisations and businesses understand the true depths of this type of exchange, alongside the pros and cons as this provides them with the knowledge to make a more informed decision.

To understand more about ransomware and the prevention methods organisations can take to protect themselves from ransomware attacks, click here to read our ransomware handbook.