Ransomware: To Pay or Not to Pay?

Ransomware: to pay or not to pay?

Should companies negotiate with ransomware attackers and pay the ransom demanded?

In its report on the state of IT security in Germany, the Federal Office for Information Security (BSI) highlights that the second quarter of 2023 saw the highest number of leak victims since records began. Many companies pay the ransom. However, the ransomware report from Cybereason shows once again that paying millions to ransomware attackers is not a good solution. 86 percent of victims paid the ransom, but only 52 percent got their data and services back undamaged. A good three quarters were attacked again – almost all of them within a year – and a whopping 64 percent of them were asked to pay more the second time.

No guarantee that attackers will keep their word

Many believe that paying the ransom is the quickest way to regain access to critical data and systems. However, the results of the latest ransomware report make it clear once again that payment is no guarantee that the attackers will keep their end of the bargain and return all systems and data undamaged, or that they will not attack again after the ransom has been paid.

On the contrary, the study shows that once a vulnerability has been found, companies are highly likely to be attacked again. This is because paying a ransom is a financial incentive for cyber criminals that encourages criminal behavior. This creates a vicious circle in which the attackers are encouraged to carry out further attacks. For companies, there is a risk that they will end up losing money by paying a ransom without being able to solve the problem.

Prevention is better than cure

A much better approach to the scourge of ransomware is to make companies invulnerable by investing in skills, strategy and technology. Companies should not gullibly assume that they will not be victims. This is not an effective strategy, especially given the increasing sophistication and business volume of cybercrime. Only by improving their cyber security can companies make it more difficult for attackers to penetrate their defenses.


People are the weakest link for cybercriminals. Employees pose the greatest threat to organisations as they can inadvertently introduce ransomware into the organization by clicking on links or visiting websites that pose a risk. Security awareness training combined with regular testing to test employees’ vulnerabilities is crucial.

Cybersecurity experts with experience in ransomware protection should also be employed. Companies can also outsource parts of the security measures to close gaps, for example monitoring outside of business hours or threat detection and response services. For example, attacks can be isolated at the earliest stages using appropriate systems.


Companies should ensure that sufficient resources are available for appropriate strategic planning. It is also important to ensure that all areas of the company are involved, including management, PR and marketing – for crisis management and customer communication.

In addition, security can be enhanced by a team of threat hunters who look for anomalies, unusual patterns and other indicators of potential threats that automated systems may have missed. The goal should be to identify and address security threats before they can cause significant damage to the organisation or cause data breaches.


Investing in the latest technologies is essential. Companies need a cyber security platform that is monitored 24/7, offers built-in automated incident response and has AI-powered techniques to block or investigate threats quickly and autonomously. This is the only way to ensure that both online and offline networks are covered.

Companies should be protected at every stage of an attack and provide a rollback for all affected files as a last line of defense. It’s worth working with vendors to set up managed detection and response services with round-the-clock monitoring. They help to detect, stop and even resolve attacks within moments, regardless of when they occur.

Back-up plan for data recover

Many companies are unprepared and find themselves in a ransomware dilemma. Prevention is the order of the day here in order to strengthen defenses and make things difficult for the criminals. Furthermore, in the event of an attack, data can be restored quickly with a suitable back-up plan. The most comprehensive and efficient way for companies to put an end to ransomware breaches is to partner with cybersecurity solution providers that have specialized technology to protect against ransomware.

Reiner Dresbach

Reiner Dresbach

is Regional Vice President Central Europe at Cybereason.