[hannob]

> For your particular case it could be the best solution to just pay - as even police departments have done before.

It could be the best solution for you to pay - if you don't care that you'll finance the attacks on other people and cause more harm overall.

So yes, from a purely egoistic perspective it makes sense.

The question you should ask is not "is it worth paying xxx for my data?", it's "is it worth paying xxx for my data and destroy the data of someone else?".

[mioelnir]

One option gives an immediate, personally beneficial effect - "you get your files back".

The other option gives you an immediate, personal loss - "your files are gone" - together with an all but unobservable, mid- to longterm benefit for society.

You can of course hope for the majority to take the second option, but hope is the first step on the path to disappointment.

[ewzimm]

But your individual case isn't going to affect their behavior. If you wanted to change the situation, not paying simply isn't going far enough. You'd need to coordinate with other potential victims or do something like this website and spread defenses. Without putting effort into organization, your thinking that you've helped others is pure egoism because these schemes only require a few people to pay to be profitable.

[TeMPOraL]

Welcome to the real world. It's twisted in exactly this, game-theoretical way.

In case of ransomware, criminals are exploiting the very difficulty of victims to coordinate their actions. They depend on you paying instead of solving it yourself, educating others, or even simply calling the police. In other words, they profit directly off people's short-term, selfish thinking. The advice of defaulting to not paying is sound because if enough people follow it, the whole ransom stops being viable, which makes ransomware attacks stop coming.

The same, by the way, is the tried and true way of dealing with regular, meatspace, "I kidnapped your daughter" ransom cases.

[wpietri]

> But your individual case isn't going to affect their behavior.

It isn't going to affect them much. But as anybody who runs a business knows, the difference between loss and profit generally hinges on a number of sensitive factors. Note, for example, that drug dealing pays so poorly that many drug dealers live with their moms:

http://articles.latimes.com/2005/apr/24/opinion/oe-dubner24

Refusing to pay on your own doesn't help other people much, but it still helps.

[happy-go-lucky]

That's a convincing argument.

[reddytowns]

That assumes that others people even do exist, and how do you know that? You could be in a computer simulation of some kind.