“Cybereason on Tuesday released a report that found some 80% of organizations that paid a ransom were hit by ransomware a second time — and 68% said the second attack came less than one month later and the threat actors demanded a higher ransom amount.”
The apparent response to this is to argue against paying a ransom, and it’s hard to argue with that. It’s also hard to argue with organizations that will collapse or, in the case of healthcare, kill someone by not paying it.
Whatever you choose to do, though, the next step needs to be doing everything possible to make sure it doesn’t happen again instead of breathing a sigh of relief that you got your data back and continuing business as usual. That would seem to be the common mistake here.
Don’t make that mistake.
Security pros, where do you fall on the debate on paying or not paying, and does this report change your thinking?