Deciding whether to pay the ransom after you've been hit by a ransomware attack is a tricky balancing act.
On the one hand you've got the theory - much like the government's approach to terrorism - that you should never negotiate. All doing so does is confirm you as a reliable payer of ransom, potentially making yourself an even larger target for future attacks.
On the other hand, simply handing over a few thousand pounds to make the headache go away is very tempting.
Best practice is to simply not pay. As Kansas Heart Hospital confirmed last week, paying the ransom is no guarantee: despite paying, their files were not unlocked and returned to them.
Having a proper process in place ahead of time is the real key. You may find our ransomware prevention checklist helpful in developing your own.
Kansas Heart Hospital in Wichita was hit with ransomware last week. The attack occurred on Wednesday, and the KWCH 12 news video from Friday night said some files were still inaccessible to the hospital. Hospital president Dr. Greg Duick refused to disclose the ransom amount and the ransomware variant; he said, “I'm not at liberty because it's an ongoing investigation, to say the actual exact amount. A small amount was made.” Yes, the hospital paid the ransom. No, the attackers didn't decrypt the files – or at least the outcome was described as not returning “full access to the files.” Instead, the attackers demanded a second ransom. This time the hospital refused to pay because doing so was no longer “a wise maneuver or strategy.”