In a recent post by an analyst from Forrester, an American market research company that provides advice on existing and potential impact of technology, to its clients and the public, the analyst opined that executives should consider paying the ransom as a viable option along with other responses.
It qualified its comment to add that even though they were directed by the authorities NOT TO pay the ransom, when business operations have come to a halt and costs begin to increase, paying the ransom becomes a tempting option.
The report further adds that recovery is complicated even if organisations have good backups that survived the attack. Many organisations significantly underestimate the scale of disruption they need to plan for or make too many assumptions about what functionality will continue to exist after an attack.
We agreed with the rationale but in our professional opinion, organisations should NOT pay. Similar with the rationale of the law enforcers, organisations should not even contemplate this option. Paying will not only encourage it but it could also lead to cyber criminals making a living out of this. It could possibly create a sustainable ecosystem and the growth of the industry where it is a possible career path to explore for the next generation of youths.