Ransomware is one of the biggest cyber threats that all organizations face today. The infamous attacks on SolarWinds and the Colonial Pipeline serve as high-profile examples of state-sponsored threat actors waging increasingly sophisticated cyber-warfare. With the current conflict in Ukraine, experts predict that Russia will target U.S. financial systems and the nation’s critical infrastructure with ransomware to put pressure on the U.S. to relent on sanctions.

U.S. government officials strongly advise against paying a ransom and have even ​​suggested legislation be passed making it illegal to do so in an effort to discourage cyber attackers from continuing to attack infrastructure targets such as municipal governments and hospitals.

Ransomware demands have skyrocketed, making it less economical for companies to pay, yet over half of all businesses that experience a ransomware attack decide to pay the ransom in an attempt to retrieve critical data and get their systems back online as quickly as possible for the sake of employees, customers, and shareholders. A third of these companies never see their data again regardless.

This begs the question: In the event that your business gets hit with ransomware, should you pay the ransom or not? This article will explore why so many ransomware victims decide to pay the ransom, key reasons you should never pay the ransom in the event you experience an attack, and offer practical advice and recommendations for preventing ransomware attacks in the first place.

Why Do So Many Ransomware Victims Decide to Pay the Ransom?

Research shows that the majority of businesses opt to pay the ransom after a successful attack. Cybersecurity experts disagree with this course of action but recognize that many businesses are afraid they won’t be able to recover and will attempt to get working conditions up and running as soon as possible. There is also the desire to protect customer data, employees who would be otherwise without work shifts, learn what data had been compromised in the attack - as most organizations have a limited inventory of collected data - and save money. After performing a cost-benefit analysis, many businesses decide it’s more cost-effective to pay the ransom.

How Much Are Companies Paying in an Effort to Retrieve Their Data?

Calculating the exact total cost of ransomware payments is difficult to assess. In 2020 there was an estimate of $70 billion in damages caused by ransomware attacks. However, the average ransomware attack in 2020 increased by 171% to $312,493 from $151,123 in 2019, according to a recent report examining trends in ransomware. Cybercriminals received a $4.4 million payout in untraceable bitcoin as a result of the Colonial Pipeline of last May. 2021 also saw the highest ransom ever demanded hit $70 million in the REvil attack on Kaseya.

Why You Should Never Pay the Ransom in the Event that You Experience an Attack

Law enforcement and governments typically encourage businesses not to pay ransoms, as it only reinforces attackers and ultimately leads to funding more criminal activity. There is no guarantee the compromised data can be recovered if the malicious hacker even makes good on their word to return the files, and the attackers will still have access to it if it is decrypted. Regardless of whether the victim agrees to make the payment, they will still face delays at best just to restart the network. The average ransomware-induced downtime is six days, with some instances lasting more than a week. Victims also face the added loss of integrity and confidentiality. 

Sites like No More Ransomware were established to evaluate your encrypted files after you’ve been compromised to help you ascertain the type of ransomware used. They also have an index of a large list of ransomware decryption tools with pointers on where to find and download the tools necessary to decrypt them. Many of the popular antivirus vendors have similar pages, and Guardian Digital can also assist you with this process as part of the services we provide to our clients.

However, in cases involving newer or less common ransomware variants, decryption tools may not be available, and not paying the ransom that attackers ask for is often unrealistic for businesses and organizations that have lost important data. Although sixty-six percent of companies say that they would never pay ransom to cyber criminals, in reality sixty-five percent do pay ransom when they get hit with an attack. Realistically, the decision of whether or not to pay ransom to restore encrypted files is complex: it is both a moral and a practical decision which often involves doing a cost-benefit analysis.

How Can I Prevent a Ransomware Attack?

Preventing a cyberattack is not always possible, which is why it’s important to implement security best practices and invest in a proactive, fully-managed email security solution to mitigate risks. Some best practices for preventing a ransomware attack include:

  • Think before you click and validate an email before downloading any of its attachments.
  • Keep your OS patched and updated, this reduces the chance of exploitable vulnerabilities.
  • Back up your files frequently and automatically to reduce the damage caused by a ransomware attack. Backups are not foolproof, as ransomware may sit idle until it is triggered, potentially destroying backups.
  • Invest in a comprehensive, proactive cloud email security solution that accurately detects malicious emails (such as those containing ransomware) and prevents them from reaching the inbox.

The Bottom Line

The unfortunate reality is that ransomware is a serious universal threat that all companies must address. In the words of Lisa Monaco, U.S. Deputy Attorney General, “The threat of severe ransomware attacks pose a clear and present danger to your organization, to your company, to your customer, to your shareholders, and to your long-term success.” 


Whether or not to pay ransom presents an extremely difficult decision for organizations that experience an attack. While cybersecurity experts don’t all agree on the answer, they do all emphasize one point: when it comes to mitigating the risk of ransomware and the impact of a potential attack, prevention and preparedness are key.

Must Read Blog Posts

Latest Blog Articles

Recommended Reading