Skip to content

Should You Pay Ransomware To Recover Your Files?

Should You Pay Ransomware To Recover Your Files?

Ransomware is one of the most common types of malware in the world today, and businesses both large and small have been victimized in this way. In fact, even government agencies have fallen victim to this insidious tactic. By utilizing technology that was originally intended to protect private data, hackers (and cyber-criminals in general) have learned that this is an effective tactic. And so, when you get that ransom note telling you that your files have been encrypted, you have a choice to make. Do you pay the ransom or not?

Is It Better To Pay The Ransom?

At this point, many business owners might feel pressured to go ahead and pay the ransom. In cases where the ransomware demand is relatively small, the temptation to pay the ransom and shove everything under the rug might be very appealing. However, the FBI has formally advised all businesses to refuse payment. Instead, they urge you to contact the nearest FBI field office immediately. Most other relevant authorities seem to agree that you should never pay the ransom.

There are a number of good reasons behind these recommendations. For one thing, there is no guarantee that you will actually get your access and data back. Once payment is made, the attacker will be under no obligation to give you the password that unlocks your data. They can choose to simply take the money and run, or demand a second ransom. There are cases in which this has happened.

However, let’s consider the best-case scenario. Even if you pay the ransom and recover your data in full, there is no guarantee that the ransomware hacker will not retain some of that information for later usage. For instance, let’s say your company handles a lot of credit card/bank account data on behalf of customers and clients. A ransomware hacker might find that information too appealing to resist and may use it to commit various other acts of fraud.

Apart from these concerns, you should avoid paying the ransom because you don’t want to encourage this type of activity. When a ransomware attack is successful, the method will likely be repeated with another victim. On the other hand, if they don’t get any money for their efforts, such a person might not be inclined to try again. If you do pay the ransom, however, they might even choose to attack you again. These attacks have become very common and continue to rise in frequency, so you don’t want to contribute to that problem.

Is It More Cost-Effective To Pay The Ransom?

There are some cases in which ransomware recovery costs are actually greater than the amount of the ransom demand. For instance, the city of Baltimore was hit with ransomware in 2019, and they refused to pay the ransom, which demanded $76,000 in Bitcoin. Unfortunately, the recovery costs ended up in the neighborhood of $18 million.

However, when we look at this situation in greater detail, we feel that the city of Baltimore made the right decision. However, those high recovery costs would suggest that they were not thoroughly prepared for a ransomware attack. Had they been a little better prepared, those costs could probably have been a lot lower. Even with the high recovery costs, is it really a good idea to let hackers get away with extorting an entire city?

Data Breach Reporting

No matter where you live, there are probably laws regarding data breach reporting. Although you won’t generally get into legal trouble for paying the ransom, you can definitely get into some legal trouble if you pay them and then conceal the fact. Let’s be honest here: The main reason that companies pay these ransoms is this simple fact: They want the whole matter to go away.

However, since you are required by law to report a data breach in most instances, you won’t really help your reputation by sweeping the incident under the rug. In fact, if the breach should be exposed, later on, it could have disastrous results. So, you should always avoid the temptation to pay the ransom.

Being Prepared For A Ransomware Attack

The most important thing is to back up your data regularly. If you maintain a regular and complete backup system, it is more or less impossible for hackers to hold your data for ransom. Instead of paying the ransom to receive a decryption key, you can just wipe all the affected systems (making sure to overwrite any empty space for maximum safety) and restore your whole system from the most recent backup.

Yes, this will not prevent the ransomware hackers from leaking the data they have stolen, but it will at least prevent them from extorting you. It also pays to utilize network monitoring and SIEM (security information and event management) software to detect suspicious activity. Like most criminals, ransomware hackers will generally look for the easiest target they can find. If that isn’t you, they will likely look elsewhere.


Although a ransomware attack is always a serious problem, it doesn’t always have to be a serious disaster. If you take a few precautions and keep a calm mindset, it is possible to deal with these things far more easily. Of course, if you need some help with any of that, we would recommend calling PCH Technologies at (856) 754-7500. Whether you need ransomware data recovery services or just some help with preparation, we are always ready to help.