Ransomware attacks are trivial to execute and there is little, if any, risk and no penalties for the attackers. As a victim, there are no good choices once an organization is hit by ransomware. You can ignore the ransom demand and restore your data from backups and take your chances with the risk of data exposure. At the same time, the reality is that it doesn’t pay to pay--it is not a guarantee that you will get all of the data back in a usable state.
In addition, when you pay the ransom you are essentially funding these criminals who are acting as terrorists. The chances are that you are funding additional research and development of the next exploit or ransomware variant, so paying the ransom just makes the problem bigger.
Organizations that pay the ransom also risk putting a bullseye on their backs—making themselves attractive targets for future ransomware attacks because they have established that they’re willing to pay. The only good option is to avoid having your data stolen or encrypted in the first place, which is why it needs to be a global priority to solve this crisis.
Article Link: Solving the Ransomware Crisis