by pc86 969 days ago
> What would stop them from paying the ransom

They can bring their systems back up and operational for less cost (both immediate, but also payroll during the fix, lost revenue from both downtime and reputationally after they're back, and opportunity cost, off the top of my head).

Your only two options are to rebuild on your own at significant cost or pay the ransom. There were long, heated discussions about what to do, and several people suggested paying the ransom, but we ultimately decided not to, and it ended up costing more than the ransom if you factor in payroll and lost revenue.

I still think out of principle you shouldn't pay the ransom, ever. Assume whatever the ransom would cost is already gone; if you can rebuild for less than that (you probably can't), it's a win.

2 comments

But even when paying the ransom, you still need to roll back a portion of your environment after you've assessed the intrusion. Can you really trust you've patched everything and removed all trace of persistence that was put by the attacker as a contingency to get back into the system?

That's the job of an external cyber incident response team who can trace how it occurred and check that the vulnerability has been appropriately eradicated and locked before resuming business operations.

The easiest targets are those that are publicly known to be vulnerable.
> I still think out of principle you shouldn't pay the ransom, ever

There may have been a time when a company would act on principle, but I think it's very rare today. You hardly even expect people to do that. It's the world we have made.

All human activities, including things like principles, charity, sacrifice, and duty, are ultimately self-serving attempts by the biological DNA and cultural memes that constitute us to replicate and improve its standing.