July 11, 2019 | Cyber Security, Industry Insights

Ransomware. To Pay Or Not To Pay? That Is The Question.

Share This:

If you haven’t been the victim of a ransomware attack yet, you may be someday soon. According to research by the cybersecurity company, Malwarebytes, six of every ten malware infections during the first quarter of 2017 were attributed to ransomware.1 If and when it happens to you, you will have to decide whether to pay the ransom or not. Here are some things to consider that may help in coming to the right decision for you.

If You Decide To Pay

If you pay the ransom, you may get your data back and your operations can return to normal. You can reduce business interruption, although investigation and remediation of any damage to the system is still necessary.

If you pay the ransom, at least there’s a better chance of getting your data back. But there are a few things to consider. First off, bad guys aren’t known for keeping their word. In recent large-scale attacks, the emails associated with digital currency payments were disabled shortly after the attacks and there was no way for the attackers to track who paid ransom and who did not. In other attacks, hackers simply took the money and never provided the encryption keys. In still others, once a ransom was paid and the attackers provided the encryption key, they returned and attacked again.

Another thing to consider if you decide to pay the ransom is that you will likely need to purchase digital currency to do so. That is not the easiest thing to do when you’re under pressure and have never done it before. Bitcoin is usually the currency requested and can be purchased through an online exchange, but the transaction is not immediate. It can take anywhere from 24 hours to several days to set up an account and process a transaction. For that reason, if you determine that you’re inclined to pay ransom, you may want to purchase some Bitcoin or other digital currency to have on hand to facilitate the transaction. However, be mindful that you will need to have access to the funds should your system become encrypted, so you will want to set up your account and store your currency somewhere separate from the system you wish to protect.

Although the media have reported a few ransomware cases with demands that range from tens of thousands to millions of dollars, the average demand in 2016 was $679.2 If you plan to purchase digital currency to have on hand in case of a ransomware event, purchasing between $300 and $1,000 would meet the demands of most attackers.

If You Refuse To Pay

The Federal Bureau of Investigation strongly urges us not to pay ransom.3 Paying ransom fuels the ransomware business, providing incentive for the bad guys to keep on doing it.

The down side of refusing to pay is that you won’t be able to access your data, at least not right away. This is where it’s important to have a forensic investigation to determine what type of ransomware was deployed. If you know the type of malware, the chances of resolving the issue are much higher. In many cases, security companies publish free encryption keys that unlock particular ransomware.

Yet, if you are diligent about back ups—backing up to the cloud and to a removable device—you may be just fine. The most inconvenience and expense attached to the attack may be the time spent installing your backup.

An Ounce of Prevention Is Worth More Than Paying Up In Bitcoin

There are two simple things you can do now to reduce your chances of becoming a victim of a ransomware attack. First, make sure your data is backed up both to the cloud and to a removable device, like a flash drive or removable hard drive. Ensure the data are backed up and make sure that when the back up is done that the removable device is disconnected. More sophisticated ransomware attacks encrypt the computer, the network, cloud files and devices attached.

Second, install security updates to your operating system, software and devices. If you keep on getting messages flashing at you to “install updates,” do it. The most recent ransomware attacks that caused the most damage worldwide exploited the fact that companies and individuals did not take the time to install security updates even though they were free and available.


Contains copyright material with permission from The Hartford Steam Boiler Inspection and Insurance Company.



1 Malwarebytes, “Cybercrime Tactics and Techniques, Q1 2017.” (https://www.malwarebytes.com/pdf/labs/Cybercrime-Tactics-and-Techniques-Q1-2017.pdf)

2 Symantec, “An ISTR Special Report: Ransomware and Business 2016,” (https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransom ware_and_Businesses.pdf)

3 FBI Public Service Announcement, “Ransomware Victims Urged to Report Infections to Federal Law Enforcement,” September 15, 2016. (https://www.ic3.gov/media/2016/160915.aspx)

Share This:


Extra Expense Coverage for Logistics Service Providers

Since the beginning of the pandemic, there has been a torrent of news stories about insurance litigation. The media has prominently highlighted Business Interruption claims for losses due to government orders and shut downs have been prominently highlighted. This increased scrutiny has all industries, including logistics service providers, asking, “What is Business Interruption Insurance, and […]

Industry Insights

Subrogation: A Powerful Tool for Logistics Providers

  What Is Subrogation? Subrogation is the term for an insurance company’s efforts to recoup moneys paid in defense of a claim. This means that if a claim is filed against you, and the insurance company pays it, the insurance company will then look to get that money back if the loss wasn’t really your […]

Industry Insights

Canada eManifest Update for Freight Forwarders

An important change written into CBSA Notice 20-28 went into effect as of January 4, 2021. Starting on this date only electronic house bills may be used for consolidated shipments, if not specifically exempted. This requirement directly impacts Freight Forwarders arranging shipments into Canadian ports. Freight forwarders are liable for the transmission of house bill data […]

Industry Insights

Sign up for our latest articles and events.

Roanoke is the leading provider of insurance and surety solutions for transportation and logistics providers. In fact, we are recognized as the most reliable source for U.S. customs bonds.


If you have any questions or need help, feel free to contact with our team.



1475 E. Woodfield Road

Suite 500

Schaumburg, IL 60173


390 Bay Street

Munich Re Centre, 22nd Floor

Toronto, ON M5H 2Y2

Solutions that Go the Distance.

© 2021 Roanoke Insurance Group Inc. A Munich Re company

Better Business Bureau logoCoverholder at Lloyd's logo