Pay or Not Pay the Ransom? What's Your Opinion?

The debate over whether to pay or not to pay the ransom once your system is encrypted is heating up. Yesterday, the US Conference of Mayors approved a resolution coming down in favor of not paying cybercrooks. There are arguments on either side of the question. Paying the ransom creates a huge incentive for ransomware crooks to keep plying their trade. However, in many cases, the costs of not complying with the demand can cost many millions more than paying and may not be a realistic option for some smaller cities. And once your system is compromised with ransomware there may be residual malware left behind and the only way to totally reduce that risk is to build back from bare metal.

Pay or Do Not Pay? What do you think?

Interesting article from Talos appeared today.

I see the need for an overall policy, but then each city has to assess their individual situation when it does occur. In the cases when they do pay (like Riviera Beach), do the public and/or residents have a right to know if the data was recovered, since it is taxpayer money that was utilized to pay the ransom (the majority was from their insurance policy, but tax dollars paid for that of course)? Little has been reported about what was recovered, and there is no word on what the city of Lake Mary got back. A third city, Key Biscayne, is contemplating paying the hackers at this point.


Hi nedt45. Thanks for your first post to the community!!! State and local governments should be transparent on what was lost if they hope to get funding from their taxpayers for uncovered losses.

In some cases, what is lost may not be known immediately. In the case of Lake City, the New York Times reported that thousands of pages of documents covering over 100 years of records were manually scanned in. It would take a significant amount of time to identify the loss. That might be the case in many other small municipalities. And in some cases it may never be known, if the data is not decrypted and is rebuilt from scratch.

“More than 100 years’ worth of municipal records, from ordinances to meeting minutes to resolutions and City Council agendas, have been locked in cyberspace for nearly a month, hijacked by unidentified hackers who encrypted the city’s computer systems and demanded more than $460,000 in ransom.

“Weeks after the city’s insurer paid the ransom, the phones are back on and email is once again working, but the city has still not recovered all of its files. There is a possibility that thousands of pages of documents that had been painstakingly digitized by Ms. Sikes and her team will have to be manually scanned, again.”

I think this is more of a business decision than an IT dept. decision. IT input is certainly needed, but we shouldn’t be deciding this, as each situation is different from the next. Wasn’t the ransom for Baltimore only ~$76K, which they didn’t pay, and now they’re estimating the cost of recovery to be ~$18 million? Hindsight is 20/20… Each situation should be evaluated individually, but the option of paying the ransom should remain on the table.

Thanks for your post Brian. Good to see you back!