zlacker

There’s a very real difference between the data possibly still being saved in some huge storage dump of a ransomware group and being available for everybody to exploit on a leak site.

It’s a sliding scale, where payment firmly pushes you in the more comfortable direction.

Also, the uncomfortable truth is that ransomware payments are very common. Not paying will make essentially no difference, the business would probably still be incredibly lucrative even if payment rates dropped to 5% of what they are now.

If there was global co-operation to outlaw ransom payments, that’d be great. Until then, individual companies refusing to pay is largely pointless.

>>wallet+(OP)
> It’s a sliding scale, where payment firmly pushes you in the more comfortable direction.

No, it pushes you in a more comfortable direction, and I'm not you.

>>jacque+xJ
Yes, but your concerns are less rooted in reality and more in the fact that you find the idea of paying ransomware groups repulsive. That’s fine, but there’s rational analysis to be done here, and it often leads to paying being the best option.

If your company gets hit by one of these groups and you want to protect your customers, paying is almost always the most effective way to do that. Someone who isn’t particularly interested in protecting their customers probably wouldn’t pay if the damage from not paying would be lower than the cost of paying.

A third possibility is that you simply feel uncomfortable about paying, which is fine, but it isn’t a particularly rational basis for the decision.

I think we can also fairly assume that the vast majority of people have no strong feelings about ransomware, so there’s likely going to be no meaningful reputational damage caused by paying.