• Inception Security

5 Reasons you should not pay ransomware attackers

Updated: Apr 22

Ransomware is the type of suspicious software Cybercriminals use to encrypt your data, rendering it unusable. As a result, the attackers demand the ransom money to release the victim's data.


Once the attack is successfully executed, the victim has to pay money to access their data, but paying to the attacker is not a good decision because once they produce, the attacker knows they can get money from the victim, so they attack again and again. If you don't pay, you'll lose money while waiting for IT to recover your files. Paying a ransom is a difficult decision, but there are several reasons why you shouldn't pay the ransom.


  1. Becoming an attractive target: If you paid a ransom amount to get back your data, you become the more attractive target for the attackers and try to attack more often. The criminals tell other criminals who have paid money to get the data decrypted and who has not. Simply paying the ransom will encourage the attackers.

  2. Criminals are untrustworthy: Trusting criminals is not easy because you are putting your faith in a group of unethical actors. In addition, many victims are still unable to access the files after paying the ransom money. So, relying on attackers is not a good choice because once a victim is always a victim.

  3. You are supporting the attackers: Paying the ransom encourages the attackers to develop a more advanced version of attacks. The money they get from the victims can be used for further attacks. The situation is exacerbated by paying the ransom. Many cybercrime gangs function in the same way as real businesses do, with several income streams.

  4. The next ransom will be more expensive: Although the average ransom amount is about $500,000, some attackers demand more money if they know the victim wants their data and files back. The supplier determines the price based on the buyer's willingness to pay. If the victims decline to pay, the assailants have no reason to increase the ransom.

  5. Found corrupted data: When the victims get back their data, they find it most of the time corrupted because attackers kept some door to breach their data further. According to a recently published report on the Ransom attack, 46% of people found that their data recovered by paying is corrupted. Therefore, some of the victims could not get their data back even after paying the ransom amount.


An effective plan to limit the risks of an attack:

If organizations do a proper backup of their critical data, they will not be in a position where they feel forced to pay the ransom to the attackers.

  1. Regular backup: A regular backup is a good practice because it will limit the potential impacts of a ransomware attack. However, a routine backup test is also necessary to make sure the backups are functional. We have worked on many incident response engagements where the client has not tested their backups recently and when it was time to use them after experiencing a ransomware attack they were unusable.

  2. Do not open malicious links: Train the organization staff not to open any malicious links because phishing is still a very common initial access vector for ransomware operators. There are security awareness platforms that can be leveraged to train your employees so they are prepared the next time they are targeted with a phishing email. In addition to training, implementing an email security gateway to filter a majority of phishing emails before they arrive is recommended.

  3. Regularly update your software and applications: Update your systems regularly because many ransomware attackers are leveraging well-known vulnerabilities to gain a foothold into their target environments. So regular updating of software will prevent many attacks. It is recommended to perform a vulnerability assessment at least once a quarter.

The FBI does not support paying the ransom because it does not ensure the organization will access its lost data or not. In some cases, attackers did not provide the decryption keys to the victims who paid the ransom. In other cases, even when the victims have valid decryption keys, they are still unable to access their lost data due to flaws in the encryption algorithms. Paying ransom encourages criminals to attack other organizations and creates a profitable business opportunity for others.

We can help!

Are you looking for ongoing advisory services to assist in identifying vulnerabilities and security policies that should be in place and help improve your security posture? The team at Inception Security™ has been leveraged to enhance the security posture of fortune 100 companies, small and medium-sized businesses. Our team has a depth of knowledge in the cybersecurity industry and will be able to provide value to your business right away.


Contact Inception Security if your company is looking for advisory services.



Recent Posts

See All