IT Support &
Business Software

Would you pay a ransomware demand?


ransomware-demandA recent survey by AT&T Cybersecurity revealed that 40% of IT security professionals believe paying a ransomware demand should be illegal.

The UK experienced a 195% rise in ransomware attacks in the first half of 2019, making the UK the biggest target.

Whilst businesses are now better prepared to deal with cyber threats, no system is 100% secure. If you are hit by a ransomware attack, paying the ransom may be the fastest way to regain control of your systems and data. It can however invite further attacks and encourage cyber criminals to continue extorting money.

What would you do if you were faced with a ransomware demand? We explore the reasons why businesses should think twice before paying a demand.

The costs of a ransomware attack:

  • Actual ransom: The sum may vary depending on the attack but it is paid to hackers in the hope they will decrypt your files.
  • Downtime: Whilst your systems are locked, you will be unable to access your files, leading to loss of productivity.
  • Employing a security professional: You may need specialist expertise to restore your systems and recover your data.
  • Legal fees and potential fines: If the ransom attack is considered a data breach, you may be found non-compliant with GDPR.
  • Damage to company reputation: An attack can damage your reputation which in turn will affect your sales.
  • Increased insurance premiums: You may find your cyber insurance premiums rise if you make a claim.

For most business owners, their priority is recovering data, minimising costs and resuming normal operations as quickly as possible. After weighing up the cost of paying a potentially modest ransom, versus the cost of downtime and reputational damage, it is easy to see why businesses may be tempted to pay the ransom. There are however other factors to consider, as outlined below.

Why you should think twice before paying a ransomware demand

Cyber criminals operate outside of the law. There is no guarantee that if you pay the ransom, you will actually receive the promised decryption tool. Moreover, there is no guarantee that the decryptor tool will work. According to a report by the CyberEdge Group, 38.9% of businesses affected by ransomware paid the ransom but lost their data.

In addition, if you choose to pay the ransom, you may be targeted again in future as criminals know you are willing to pay.

Finally, there are ethical questions to consider. Paying the ransom may incentivise more attacks as criminals know it is lucrative. You may therefore be perpetuating the ransomware cycle. It is suggested that paying demands has made ransomware so lucrative, it has led to ‘Ransomware as a Service’. This is where hackers have packaged turnkey ransomware kits, allowing criminals with little (or no) technical experience to easily launch their own ransomware attacks.

Preventing ransomware attacks through good practice

Protecting your systems by adopting a range of security measures is key. Equally important is having up-to-date backups, separate from your network, so your data can be easily retrieved and not held ransom.

We summarise our good practice recommendations below:

  • Regular backups: Ensure your backups are up-to-date and secure to protect against ransomware and hardware failure.
  • Patch management: Install patch updates as quickly as possible to reduce the risk of cyber criminals exploiting identified vulnerabilities.
  • Malware protection: Adopt a multi-layered approach to your IT security. This includes antivirus software, firewalls and advanced email protection.
  • User education: Human error is one of the biggest threats. Increase employee training so they are aware to not click on suspicious links and only download software from trusted websites.
  • Control removable media: Disable the use of USB storage devices to prevent ransomware being brought in inadvertently.
  • Visit the No More Ransom site: This is an online portal that helps ransomware victims retrieve their encrypted data without paying criminals. You need to upload two encrypted files which are cross referenced against a list of available decryption tools. If there is a positive match, you can unlock your files for free. It is not fool proof however and a suitable decryption tool may not be available.

For more tips on how to secure your systems, read our Top 10 Tips to Protect against Ransomware.


When hit by a ransomware attack, most law enforcement agencies discourage paying the ransom demand. They would argue that this helps finance criminals and encourages them to continue their illegal activities. Every ransomware incident is different however and you need to weigh up the costs and benefits to your business. A more advisable and proactive approach is implementing security measures and regular backups that mitigate the repercussions of an attack.


Client Testimonials


Josie Sullivan Leroy Reid & Co

Very helpful in supplying the system required with very little down time. Personable and professional in guiding us along the right path. Nothing is too much for them.

David Halloway Southern Testing

Support with a sense of fun!

Carmel Clarke Kingswood Controls

Professional and extremely helpful. PCR will go above and beyond to resolve any IT problems that you may have.

Max Somper Metamark

PCR are very much on the same page as ourselves. They're very flexible, pragmatic about response, efficient, and they've always been the best choice for us as a business.

Keith Faulkner Brainwaves Books

Over the years, I've seen PCR grow and develop, but their attitude and customer service has never altered. The quality of their service remains constant.

Alex Arscott Richard Russell Panels

A good honest company we've dealt with since the year dot.

Contact PCR now