
To Pay or Not to Pay: Navigating the Ransomware Dilemma

The digital world has become a battleground in recent years, with ransomware attacks taking centre stage. The years 2020 and 2021 saw a significant spike in ransomware attacks, partly fueled by the pandemic’s remote work culture, leaving UK businesses and individuals in a bind.

Fast forward to now, a glimmer of hope emerged with a 23% drop in ransomware attempts, partly due to the decline in the value of cryptocurrency (hackers’ preferred payment type) and the impact of the Russia/Ukraine war. But the decision to pay a ransom or not continues to loom over the cyber landscape like an ominous cloud.

What Is the UK Authorities’ Stance on Paying Ransom?

The guardians of the UK’s cyber frontier, including law enforcement and the National Cyber Security Centre, stand firm against paying ransom. Their rationale is straightforward — paying a ransom is like groping in the dark with no guarantee of regaining lost data while fuelling the work of criminal groups and painting a target on one’s back for future attacks.

The UK has fortified its legal framework to counter cyber threats, especially by enforcing financial sanctions under the Cyber sanctions regime since May 2019. This regime transitioned into the Cyber (Sanctions) (EU Exit) Regulations 2020 post-Brexit, under the Sanctions and Anti-Money Laundering Act 2018, aiming to thwart cyber activities threatening the integrity, prosperity or security of any nation, including the UK.


It’s a robust legal framework designed to shield the economic and commercial interests from malicious cyber activities’ fallout.

The regulations include asset freezes and travel bans targeting individuals involved in harmful cyber activities. An asset freeze is exactly what it sounds like, which prohibits making funds or economic resources, including crypto assets, available, either directly or indirectly, to those identified as detrimental players (DPs).

Breaching these financial sanctions is a serious criminal offence, with the Office of Financial Sanctions Implementation (OFSI) vested with the power to impose civil monetary penalties under the Policing and Crime Act 2017. The penalties can be severe, with the maximum being either £1 million or 50% of the value of the breach, whichever is greater.

Although the OFSI holds the power to issue monetary penalties, it also explores other avenues to address cases, showcasing a multi-pronged approach to enforcing financial sanctions. This legal framework serves as a vital reminder to organisations and individuals about the legal landscape surrounding the decision to pay a ransom in ransomware attacks.

“Reaching out to DriveSavers as soon as possible is vital for maximising the chances of a successful data recovery, regardless of whether or not you’ve contacted the attacker yet. We offer a complimentary consultation to guide you through viable steps and explore alternative solutions that are cost-effective and save time. It’s important to realise that paying the ransom doesn’t guarantee that the victim will obtain the decryption key or recover access to their files.” Mike Cobb, Director of Engineering

Should I Pay? Factors to Consider

When caught in a ransomware attack, every decision could have profound implications. The question of whether to pay ransom money or not is the epicentre of this cyber dilemma. It’s a precarious tightrope walk, where on one side lies the hefty cost of the ransom, and on the other, the criticality of the lost data that might be the lifeblood of your business operations or the privacy of your clients.

The antagonists in this digital drama, the ransomware groups, further muddy the waters. Their credibility, or the lack thereof, is a pivotal factor that could sway your decision. Are they known to keep their end of the bargain, decrypting the data once the ransom is paid? Or are they notorious for vanishing into the ether once the ransom money hits their cryptocurrency wallet?

These aren’t just hypothetical scenarios but real-world dilemmas played out in the theatre of ransomware attacks.

Alongside those considerations, there’s the beacon of hope that data recovery might be possible without paying ransom, adding another layer to the complex decision-making process.

Related Reading: Bulletproof Your Backups

Each choice in this scenario has its own set of pros and cons. The stakes are high, since the repercussions are not just monetary and could have a domino effect on your reputation, customer trust and, in some cases, the very survival of your business.


This backdrop sets the stage for both a reactive response to ransomware attacks and a proactive, well-thought-out strategy to mitigate the risks and navigate the treacherous waters of the ransomware dilemma.

Knowledge is power, and professional guidance is the key. Understanding the intricacies of ransomware attacks, the MO of ransomware groups and the options available for data recovery without paying the ransom can provide a semblance of control in a seemingly uncontrollable situation.

The expertise and advice of cybersecurity professionals and data recovery specialists could turn the tide in your favour, with your data integrity and business operations intact.

Preemptive Measures

Prevention is, of course, worth a pound of cure. Having a strong line of defence, with secure data backups, robust incident response plans and layers of security such as email protection and two-factor authentication to defend against phishing attacks, can be your shield against ransomware tricks. Like having a spare tyre in your car, being prepared can significantly reduce the impact of such cyber onslaughts.

A Note on Cyber Insurance

Cyber insurance has emerged as a buffer for organisations navigating cyber threats, particularly ransomware attacks. This form of insurance often covers the costs associated with such attacks, including the ransom amount demanded by malicious actors.

This financial cushion is a significant reason many organisations opt to pay the ransom, as the insurance alleviates the financial burden of the ransom payment. By covering the cost, cyber insurance enables organisations to restore their operations with less financial strain, making the decision to pay the ransom a more palatable option.

Nonetheless, while this insurance coverage provides a financial reprieve, it’s essential to note that it may also inadvertently perpetuate the cycle of ransomware attacks, as cybercriminals are emboldened with every successful ransom payment.

When You Should Pay and Why

The bitter pill to swallow is the stark reality that sometimes, paying the ransom could be the only viable option, especially when the data held hostage is of critical operational importance or contains sensitive customer information. 

The magnitude of damage that could ensue from the loss or exposure of such data might far outweigh the ransom amount, making the decision to pay ransom money a lesser evil in a dire scenario. It’s a difficult decision, where the urgency to restore data access and maintain business continuity pushes the scale towards paying the ransom.


Financial Pragmatism

The financial dimensions of a ransomware attack are multifaceted. The cost analysis extends beyond the ransom amount to include the potential financial harm that could result from operational disruptions, legal liabilities and reputational damage. 

When the cost of recovering from the attack without paying the ransom skyrockets beyond the actual ransom demand, financial pragmatism might tilt the decision towards settling the ransom. It’s a grim calculus where the lesser financial setback might be chosen to mitigate larger monetary damage. In 2021, a report indicated that companies paying ransoms regained just 61% of their data, with just 4% recovering all of their data. Even after payment, there’s no certainty hackers won’t leak or sell what they’ve stolen.

Expert Guidance

Treading the perilous path of deciding whether to pay ransom requires professional input and expert guidance. The landscape of ransomware attacks is laden with pitfalls, legal ramifications and technical intricacies that demand a seasoned understanding. 

Engaging with data recovery specialists who can provide a well-informed perspective based on a thorough analysis of the ransomware strain, the credibility of the attackers and the technical prospects of data recovery is vital.

Their expertise can illuminate the risks, potential outcomes and legal landscape surrounding the decision to pay ransom, providing clarity in navigating the ominous ransomware terrain.


When Not to Pay and Why

On the brighter side of the grim ransomware saga, encrypted data can often be recovered through alternative means, negating the need to pay ransom.

This could be through well-maintained backups, decryption tools released by cybersecurity firms or expert tools deployed by data recovery specialists that allow for data retrieval. When such alternatives are viable, withholding the ransom money becomes a pragmatic and advisable choice.

It’s like having a spare key when you’re locked out, rendering the locksmith’s service (or, in this case, the ransom payment) unnecessary. This route not only saves financial resources but also stands as a defiance against the malicious intent of ransomware attackers.

Response Strategy Post-Incident

In the aftermath, clear communication with stakeholders, thorough damage assessment and consultation with experts are imperative. Whether you decide to pay the ransom or not, focusing on bolstering your cyber defences for the future is paramount. It’s about learning from the skirmish and fortifying your digital fortress.


Useful Ransomware Links

Whether you are looking for further insights, guidance or tools, these resources are a gateway to a wealth of knowledge awaiting your exploration.

Exercise in a Box

A digital toolkit courtesy of the National Cyber Security Centre (NCSC), Exercise in a Box enables organisations to gauge their resilience against cyber attacks and hone their response strategies within a secure setting.

Early Warning

This is a complimentary service from the NCSC, crafted to notify your organisation of potential cyber threats on your network at the earliest. Early Warning harnesses a diverse array of information channels from the NCSC, plus reputable public, commercial and exclusive sources, encompassing several feeds that are uniquely accessible here.

Cyber Incident Service

There’s also the Cyber Incident Service provided by the UK government. Check out the guide Where to Report a Cyber Incident to find out who you should be alerting.

Ransomware Wrap-Up

Since ransomware hits many different types of organisations, the decision to pay can’t have a one-size-fits-all answer. In a perfect world, no one would pay the ransom. Paying a ransom simply creates an environment that welcomes criminals. But the truth for many organisations is that the services they offer are hugely affected every day they are shut down.

Navigating ransomware attacks is an ordeal. The decision to pay a ransom is complex and laden with financial, ethical and legal quandaries. Professional intervention is often a beacon of hope amidst the chaos.

Companies like DriveSavers, with our expertise in data recovery, can be your ally when an attack happens, helping to traverse the ransomware dilemma with a fortified strategy. 

In a world where cyber threats lurk around every digital corner, having a reliable and expert ally can make all the difference in safeguarding your precious digital assets.
