Ransomware attacks can be devastating for both businesses and individuals. Without a proper recovery plan in place, or in the absence of secure backups, companies risk catastrophic data loss, while individuals could lose irreplaceable files of sentimental value like family photos and videos.
If there was simply no way to unlock its systems and recover its data, what is an organisation supposed to do? Should it simply shut up shop and close its doors? Make its staff redundant? Potentially harm other businesses that relied upon its services and products?
I think it can easily be argued that the financial and human cost of a company going bust could be much larger than the ransom demanded by a cybercriminal gang. And that, undoubtedly unpleasant as it is, it may be a better choice to pay the ransom than to not pay it.
For instance, take the impact on healthcare services when they are hit by a determined ransomware attack. Any delays in recovery may put lives at risk. A ban on ransomware payments may have the very best of intentions – but still have serious and costly unintended consequences.