Most law enforcement agencies recommend not paying ransomware attackers, citing that it will only invite hackers to commit more ransomware attacks. However, when an organization faces a possibility of weeks or longer of recovery, the thought of lost profits may begin to sink in, and an organization may start to consider the price of the ransom compared to the value of the data that has been encrypted. According to Trend Micro, while 66% of companies state they would not pay a ransom, about 65% do pay the ransom when faced with the decision. The attackers set the price point so it is worth their time but low enough that it will be cheaper for the targeted organization to pay the attackers off rather than restore the encrypted data.

Even though it would be understandable as to why some organizations would want to pay the ransom, it is still not recommended for a number of reasons:

• Still dealing with criminals: There is still no guarantee that the attackers will follow through with their word and decrypt the data. A Kaspersky Security Bulletin from 2016 claimed that 20% of businesses that chose to pay the ransom demanded of them did not get their files back.

• Potential for scareware: The ransom message could be used without the attackers having accessed an organization's data at all.

• Bad decryption key or one that barely works: After paying the ransom, the decryptor an organization receives may only work well enough for the criminals to say they followed through with what they promised.

• Possibility of repeated ransom demands: Cybercriminals will now know that the targeted organization has a history of paying ransoms.