How Not To Do It

Digital ransomware not paying

Maastricht University, for example, will get back the ransom it paid in a ransomware attack in 2019. And because the criminals' account, which has since been seized, was filled with cryptocurrency, the university will now also receive Bitcoins - which are now worth many times more than they were back then. However, this stroke of luck should not be a model for other institutions and companies to pay digital ransom. The following still applies: It is not worth paying!

The numbers away from Maastricht University speak for themselves. In the study "Ransomware: The True Cost to Business 2022", a very different picture emerges around ransomware attacks: Thus, a large proportion of companies (82 percent) that had paid a ransomware claim became victims of attackers again. But not only that! More than half (63 percent) also had to pay more the second time than the first time they were attacked. A full 66 percent of respondents who were victims of ransomware a second time were targeted again by the same attackers.

If that is not enough proof that you should not pay, you can also take a look at the costs and benefits of ransom payments: On average, respondents in Germany paid just under half a million euros in ransom. But only just under 30 percent of the companies that paid got their data and systems back without any problems. In the 70 percent of other cases, problems arose because some of the returned data was damaged or the data thieves' encryption keys did not work properly. For the high sums of money demanded, this is a risky gamble with poor prospects.

So unless it's a matter of life and death, for example because vital and acutely necessary medical data is encrypted, companies should not respond to ransomware scammers' demands.