6 Reasons Not to Pay Ransomware Attackers

Paying a ransom might appear to be the best option, but it comes with its own costs.

7 Slides
Hand holding bitcoins in front of a laptop computer with open screen

Already have an account?

Steve Heap via Shutterstock

Victims of ransomware attacks face the excruciating choice of either paying off their attackers or risking considerable disruption in attempting to restore encrypted data on their own or — as is often the case — with the help of an incident response firm.

Numerous studies have shown that most victims prefer paying a ransom either because they don't have proper data backups or because they view it as a less expensive and less risky option compared to not paying. In a survey that ThycoticCentrify conducted last year, for instance, 83% of ransomware victims said they had no choice but to pay a ransom to get back access to their data, and more than 90% said they had allocated a special budget for fighting ransomware threats.

There are many who perceive making a ransom payment as a necessary evil because of the enormous financial damage that can result otherwise. Sixty-six percent of 1,263 respondents in a Cybereason survey reported substantial revenue losses as the direct result of a ransomware attack. Most of it stemmed from disruptions to business processes, system downtime and the resources require to restore systems. These costs can mushroom the longer an organization takes to recover from an attack, which is why many ransomware victims find it preferable to just pay off their attackers.

But is that a good idea — and does it really work? Here are six reasons, according to security experts, why paying a ransom may not be the best idea.

About the Author

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights