Cyber Security, Industry Insights

Ransomware. To Pay Or Not To Pay? That Is The Question.

Share This:

If you haven’t been the victim of a ransomware attack yet, you may be someday soon. According to research by the cybersecurity company, Malwarebytes, six of every ten malware infections during the first quarter of 2017 were attributed to ransomware.1 If and when it happens to you, you will have to decide whether to pay the ransom or not. Here are some things to consider that may help in coming to the right decision for you.

If You Decide To Pay

If you pay the ransom, you may get your data back and your operations can return to normal. You can reduce business interruption, although investigation and remediation of any damage to the system is still necessary.

If you pay the ransom, at least there’s a better chance of getting your data back. But there are a few things to consider. First off, bad guys aren’t known for keeping their word. In recent large-scale attacks, the emails associated with digital currency payments were disabled shortly after the attacks and there was no way for the attackers to track who paid ransom and who did not. In other attacks, hackers simply took the money and never provided the encryption keys. In still others, once a ransom was paid and the attackers provided the encryption key, they returned and attacked again.

Another thing to consider if you decide to pay the ransom is that you will likely need to purchase digital currency to do so. That is not the easiest thing to do when you’re under pressure and have never done it before. Bitcoin is usually the currency requested and can be purchased through an online exchange, but the transaction is not immediate. It can take anywhere from 24 hours to several days to set up an account and process a transaction. For that reason, if you determine that you’re inclined to pay ransom, you may want to purchase some Bitcoin or other digital currency to have on hand to facilitate the transaction. However, be mindful that you will need to have access to the funds should your system become encrypted, so you will want to set up your account and store your currency somewhere separate from the system you wish to protect.

Although the media have reported a few ransomware cases with demands that range from tens of thousands to millions of dollars, the average demand in 2016 was $679.2 If you plan to purchase digital currency to have on hand in case of a ransomware event, purchasing between $300 and $1,000 would meet the demands of most attackers.

If You Refuse To Pay

The Federal Bureau of Investigation strongly urges us not to pay ransom.3 Paying ransom fuels the ransomware business, providing incentive for the bad guys to keep on doing it.

The down side of refusing to pay is that you won’t be able to access your data, at least not right away. This is where it’s important to have a forensic investigation to determine what type of ransomware was deployed. If you know the type of malware, the chances of resolving the issue are much higher. In many cases, security companies publish free encryption keys that unlock particular ransomware.

Yet, if you are diligent about back ups—backing up to the cloud and to a removable device—you may be just fine. The most inconvenience and expense attached to the attack may be the time spent installing your backup.

An Ounce of Prevention Is Worth More Than Paying Up In Bitcoin

There are two simple things you can do now to reduce your chances of becoming a victim of a ransomware attack. First, make sure your data is backed up both to the cloud and to a removable device, like a flash drive or removable hard drive. Ensure the data are backed up and make sure that when the back up is done that the removable device is disconnected. More sophisticated ransomware attacks encrypt the computer, the network, cloud files and devices attached.

Second, install security updates to your operating system, software and devices. If you keep on getting messages flashing at you to “install updates,” do it. The most recent ransomware attacks that caused the most damage worldwide exploited the fact that companies and individuals did not take the time to install security updates even though they were free and available.


Contains copyright material with permission from The Hartford Steam Boiler Inspection and Insurance Company.



1 Malwarebytes, “Cybercrime Tactics and Techniques, Q1 2017.” (

2 Symantec, “An ISTR Special Report: Ransomware and Business 2016,” ( ware_and_Businesses.pdf)

3 FBI Public Service Announcement, “Ransomware Victims Urged to Report Infections to Federal Law Enforcement,” September 15, 2016. (

Share This:


New Report by BSI Global Intelligence Outlines Leading Causes of Increased Theft

Increased Prices of Fuel, Agricultural Products, and Other Goods are Leading to Increased Theft In partnership with Roanoke, BSI’s Global Intelligence Analysts have provided a high-level outlook on the top supply chain risks expected in upcoming months, based on data and trends from the first three quarters of 2022. BSI’s data shows that thieves globally […]

Industry Insights

2023 NCBFAA Scholarship & Application Announcement

Roanoke Insurance Group is delighted to once again sponsor a $5,000 scholarship to students intending to join the trade industry. The National Customs Broker and Forwarder Association of America (NCBFAA) offers this $5,000 scholarship award yearly and will be presented to the winner at the NCBFAA annual conference in April 2023. The topic for this […]

Industry Insights

Extra Expense Coverage for Logistics Service Providers

Since the beginning of the pandemic, there has been a torrent of news stories about insurance litigation. The media has prominently highlighted Business Interruption claims for losses due to government orders and shut downs have been prominently highlighted. This increased scrutiny has all industries, including logistics service providers, asking, “What is Business Interruption Insurance, and […]

Industry Insights

Sign up for our latest articles and events.

Roanoke is the leading provider of insurance and surety solutions for transportation and logistics providers. In fact, we are recognized as the most reliable source for U.S. customs bonds.


If you have any questions or need help, feel free to contact with our team.



1475 E. Woodfield Road

Suite 500

Schaumburg, IL 60173


390 Bay Street

Munich Re Centre, 22nd Floor

Toronto, ON M5H 2Y2

Solutions that Go the Distance.

© 2021 Roanoke Insurance Group Inc. A Munich Re company

Better Business Bureau logoCoverholder at Lloyd's logo