The Ethics of Ransomware: Is it Ever Okay to Pay?

1 July 2021

Ransomware attacks are never far from the headlines, and as their scale grows the sums involved have become eye-wateringly high.

Ransomware attacks can have devastating effects on organisations of all sizes and seriously impact the wider community. In a properly orchestrated ransomware attack, recovering files without a decryption key is virtually impossible, and it is incredibly difficult to trace digital currencies that are used for ransom. This in turn makes the identification and prosecution of perpetrators very challenging and makes this particular crime attractive to those who commit it.

Security experts have warned that ransomware is the fastest growing form of computer malware. Like other worms and viruses, it usually finds its way into a system by exploiting a hole in vulnerable software or by tricking users into installing it.

This sophisticated form of malware then prevents users from accessing their computer files, systems or networks, and demands that a ransom is paid for their release. Due to the proliferation of exploitation methods, you can unknowingly download ransomware through several simple and seemingly innocent actions, such as opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware.

Once the code is loaded on a computer, it will lock access to the computer itself or the data and files stored there. More menacing versions of ransomware can also encrypt files and folders on local drives, attached drives, and even networked computers. This has been a cause for concern for companies across the world since 2015, when the number of ransomware scams began to grow on an international scale.

Ransomware attacks tend to target specific industries and sectors, with size and volume being the main characteristics hackers look out for. However, it is also common for small businesses to fall prey to ransomware attacks. The reasons are commercial – often small businesses lack funds to own high-tech, anti-virus defence mechanisms. This makes them extremely vulnerable to such cyber predators.

Factor in the Covid-19 pandemic and you have a huge increase in employees using personal devices to access company data. With the surge in employees now working remotely, mobile devices are a necessity to keep businesses going. However, the infrastructure around this has to be carefully managed from the top downwards – like a cascading waterfall of security.

With this increase in mobile device users, ransomware targeting mobile operating systems has followed in quick succession. Characteristically, mobile ransomware payloads are blockers, since there is little incentive to encrypt data as it can be easily restored via online synchronization. Mobile ransomware attackers typically target Android users, as the platform allows applications to be installed from third-party sources.

Different tactics are employed on iOS devices, such as exploiting iCloud accounts and using apps such as Find My iPhone to lock the device. In iOS 10.3, Apple patched a bug in the handling of JavaScript pop-up windows in Safari that had been exploited by ransomware websites. It has recently been shown that ransomware may also target ARM architectures like those that can be found in various Internet-of-Things (IoT) devices.

Irrespective of the size of your organisation, our advice is that no matter how challenging the situation, you should never pay a ransom. There are several reasons for this:

  • Even if you pay the ransom, there is no guarantee that you will receive a decryption key.
  • You are very likely to be marked and remembered as a ‘ransom payer’, and your information may be passed around criminal networks, leaving you open to further attacks.
  • Even if you receive a functioning decryption key and regain access to your networks, your data may have already been stolen and sold.

Now, we’re sure you’re wondering: if you shouldn’t pay a ransom, what should you do instead? Your best bet is to not fall victim to a ransomware attack in the first place. There is a wide range of preventative measures you can take to protect yourself, your employees, your organisation and your company/customer data.

 

10 ways to protect yourself from ransomware attacks

Arm your endpoints
Simply having antivirus solutions installed on your endpoints just doesn’t suffice anymore. Set up privileges so that each endpoint is granted the appropriate level of network access and user permissions. Two-factor or multi-factor authentication will also help with this.

 

Gain real-time threat intelligence
Keep your security methods close and your malware enemies closer. Take advantage of threat intelligence from organisations such as IntaForensics to understand the latest security information and become aware of emerging cyber threats.

 

Back up all your data
Make sure that you have an enterprise data backup solution. In the event of an attack you can power down the endpoint, reimage it, and reinstall your current backup. You will have all of your data and prevent the ransomware from spreading to other systems.

 

Patch your systems
Make a habit of updating your software regularly. Patching commonly exploited third-party software will foil many attacks. Wherever possible, implement automatic patching so that you’re covered without having to take any physical action.

 

Enable multi-factor authentication
Unfortunately, the weakest link in the security chain is usually human. Educate your users and insist upon multi-factor authentication.

 

Protect your network
Taking a layered approach will save you a whole load of hassle and increase your security. Technologies such as next-generation firewalls or intrusion prevention systems (IPS) should be your best friend.

 

Segment network access
Limit the resources that an attacker will be able to access. By dynamically controlling access to resources based on sensitivity, such as confidential or critical data, you can help ensure that your entire network is not compromised by a single attack.

 

Keep an eye on network activity
Being able to see everything that’s happening across your network can help you to uncover attacks that bypass the perimeter. Deploy a demilitarized zone (DMZ) subnetwork or add a layer of security to your local area network (LAN). Leverage your chosen security platform to effectively bring all of the information together to triage, analyse and respond quickly and effectively.

 

Prevent initial infiltration
Most ransomware attacks occur through either an email attachment or a malicious download. Stop the problem at the source by diligently blocking malicious websites, emails and attachments through a layered security approach and a company-sanctioned file-sharing programme.

 

Engage with incident response specialists
Incident response teams such as IntaForensics provide a full suite of proactive and emergency services to help you prepare for, respond to, and recover from a breach. We provide comprehensive cyber security packages, tailored to your requirements, that are designed to prevent, monitor and respond to security breaches of all sizes.

 

IntaForensics provides a comprehensive range of cyber security services designed to prevent, monitor, and respond to security breaches.

We boast a team of 50 cyber security and digital forensics experts and a growing market presence. Our consultants will be able to assist with all Digital Forensic Investigations, PCI/DSS QSA, PCI/DSS PFI, Cyber Security and Incident Response.

Quality underpins everything we do, and we are proud to be UKAS 17025:2017 accredited and ISO/IEC 27001:2015, ISO 9001:2015 and ISO 14001:2015 certified.

To find out more about our services contact us today. Alternatively please email us at sales@intaforensics.com or Tel: 0247 77 17780.
