
Should you ever pay a hacker’s ransomware/extortion request?
Paying a cyber extortionist, such as in a ransomware or blackmail situation, can lead to several potential problems, both immediate and long-term.
Top risks to consider:
❌ No guarantee of file recovery or data safety
📈 Incentivises future attacks
⚖️ Legal consequences
🚪 Possible installation of backdoors – ongoing system compromise
📰 Reputational damage
5 reasons not to pay!
1. No guarantee of file recovery or data safety
- No guarantee of decryption: Even if you pay, there’s no assurance that the attacker will provide the decryption key or remove malicious software. In many cases, victims never get their data back. They are criminals after all – they’re unreliable!
- Corrupt decryption: Even if you get the key, it may not work properly, or it may restore only part of your data.
- Data may still be leaked: If the extortion involves a threat to release sensitive information (like in double extortion), paying might not prevent the data from being exposed or sold to others.
2. Incentivises future attacks
Whilst it seems like the quickest solution, ‘paying up’ shows that cyber extortion works, which could in turn lead attackers to target you again or encourage them to go after others. If you pay, there is a good chance of finding yourself on a ‘successful target list’ on the dark web, opening you up to repeated attacks.
3. Legal consequences
- Violation of laws or sanctions: Paying a cybercriminal might violate laws in certain jurisdictions, especially if the attacker is linked to a sanctioned nation or terrorist group. Some governments have strict rules against paying ransoms.
- Liability for data breaches: Paying could imply acknowledgment of negligence, which might expose you to legal action, especially if sensitive customer or employee data is involved.
4. Possible installation of backdoors – ongoing system compromise
Even if the attacker gives back access to your system, they may have installed backdoors or additional malware, allowing future access to your data or systems without your knowledge.
5. Reputational damage
If the attack becomes public or if sensitive data is leaked despite the payment, your organisation’s reputation can suffer. Customers, partners, or stakeholders might lose trust in your ability to protect their data.
Summary
Paying a ransom should generally be a last resort and avoided wherever possible. It perpetuates the criminal activity and offers no guarantees. Cyber insurance is crucial in that it provides access to the technical and legal expertise you need to make a fully informed decision.
Got a question? Want to know more?
Contact our expert, Matthew Clark, Cyber Director