Until the last few years, conventional wisdom said never to pay the ransom that ransomware criminals demanded, because it only encourages them. Despite those warnings it was rumored that somewhere around 40% of all ransomware victims paid the ransom.
Now it seems, many impacted companies have been paying the ransom and the very few who didn’t probably wish they did. There is evidence that ransomware recovery companies who claim to help recover environments without paying the ransom are often paying the ransom and getting the decryption key in secret.
Who’s paying ransoms?
I spoke with John Mullen, of Mullen Coughlin, who has been involved with thousands of cybersecurity incident responses in his career. His firm handled over 1,200 privacy matters last year and will handle over 1,500 in 2019.