6 Reasons Not to Pay Ransomware Attackers

Victims of ransomware attacks face the excruciating choice of either paying off their attackers or risking considerable disruption in attempting to restore encrypted data on their own or — as is often the case — with the help of an incident response firm.

Numerous studies have shown that most victims prefer paying a ransom either because they don't have proper data backups or because they view it as a less expensive and less risky option compared to not paying. In a survey that ThycoticCentrify conducted last year, for instance, 83% of ransomware victims said they had no choice but to pay a ransom to get back access to their data, and more than 90% said they had allocated a special budget for fighting ransomware threats.

There are many who perceive making a ransom payment as a necessary evil because of the enormous financial damage that can result otherwise. Sixty-six percent of 1,263 respondents in a Cybereason survey reported substantial revenue losses as the direct result of a ransomware attack. Most of it stemmed from disruptions to business processes, system downtime and the resources require to restore systems. These costs can mushroom the longer an organization takes to recover from an attack, which is why many ransomware victims find it preferable to just pay off their attackers.

But is that a good idea — and does it really work? Here are six reasons, according to security experts, why paying a ransom may not be the best idea.