Jun 22 2021

Ransomware: What REALLY happens if you pay the crooks?

Category: Cyber Insurance,RansomwareDISC @ 1:49 pm

Governments and law enforcement hate it when ransomware victims pay the blackmail demands that almost always follow a ransomware attack, and you can understand why, given that today’s payments fund tomorrow’s cybercriminality.

Of course, no one needs to be told that.

Paying up hurts in any number of ways, whether you feel that hurt in your head, in your heart or even just in the pit of your stomach.

“I was happy to pay up for a job well done,” said no ransomware victim ever.

However, it’s easy for people who aren’t looking down the wrong end of the cybercrime barrel to say, “You should never, ever pay. You should let your entire business implode, and let everyone in the company lose their job, because that’s just the price of failure.”

So, if your back’s against the wall and you DO pay up in the hope that you’ll be able to restart a business that has ground to a total halt…

…how well will it all go?

Guess what? You can find out by tuning into a fun but informative talk that we’re giving twice this week.

Catch us online on Wednesday 23 June 2021 at the SC Annual Digital Congress, at 14:15 UK time (UTC+1), or on Thursday 24 June 2021 at the Sophos Break a Hacker’s Heart online event, at 11:00 UK time (UTC+1).

You need to register, but both events are free to join. (They’re both 100% virtual, given that the UK is still in coronavirus lockdown, so feel free to attend from anywhere.)

We’ll give you a clue by sharing a key slide from the talk:

As you can see, paying up often doesn’t work out very well anyway, even if you have no ethical qualms about doing so, and enough money burning a hole in your pocket to pay without flinching.

And remember that if you lose 1/3 of your data, like 1/2 of our respondents said they did, you don’t get to choose which computers will decrypt OK and which will fail.

Murphy’s law warns you that the laptops you could have reimaged easily enough will probably decrypt just fine, while those servers you really meant to backup but didn’t… probably won’t.

We’re going to try to make the talk amusing (as amusing as we dare be when talking about such a treacherous subject), but with a serious yet not-too-technical side.

We’ll be giving some tips you can use both at work and at home to reduce the risk of getting ransomed in the first place.

Ransomware Protection Playbook

No cybersecurity plan will ever be perfect, no defense is impenetrable. With the dangers and costs of a successful ransomware attack on an organization increasing daily, it is important for cybersecurity and business leaders to have a prevention and recovery plan before disaster strikes.


In Ransomware Protection Playbook experienced penetration tester and cybersecurity evangelist Roger Grimes lays out the steps and considerations organizations need to have in place including technical preventative measures, cybersecurity insurance, legal plans, and a response plan. From there he looks at the all important steps to stop and recover from an ongoing attack starting with detecting the attack, limiting the damage, and what’s becoming a trickier question with every new attack – whether or not to pay the ransom.


No organization with mission-critical systems or data can afford to be unprepared for ransomware. Prepare your organization with the Ransomware Protection Playbook.

Tags: ransomware attacks, Ransomware elearning, Ransomware Protection Playbook