Once Again the Ransom was Paid, Should You?

June 10th, 2021 | security and compliance, culture & news

Today a major beef supplier, JBS, announced they paid 11 million in ransom after the systems that managed their meat plants were breached by ransomware hackers. Their CEO, Andre Nogueira stated, “This was a very difficult decision to make for our company and for me personally. However, we felt this decision had to be made to prevent any potential risk for our customers.” This story is becoming all too common.

A month ago Colonial Pipeline suffered a ransomware attack that shut down a major part of the fuel supply to the East Coast for several days. They chose to pay a $4.4 million ransom the day after they detected the attack. Their CEO, Joseph Blount, stated “I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible. I kept the information closely held because we were concerned about operational safety and security, and we wanted to stay focused on getting the pipeline back up and running.” This week the FBI announced that they were able to get back $2.3 million. What would have happened if Colonial Pipeline hadn’t paid? The pipeline could have been shut down a lot longer. They could have been forced to pay in the end anyway and, of course, it is possible that they could never have retrieved any of the money they paid out.

So does this mean that you should pay?

The FBI says, “Never pay ransom.” Some would argue that if no one paid, ransomware would simply stop. Whenever an organization pays, it is encouraging future ransomware attacks. In fact, your payments could be funding other criminal activities.

But what if you are a hospital and your patients are depending on the infected systems to live? What if the 911 system of a city is hit and lives will be lost if the system is down? Aren’t the human lives at risk more valuable than the amount of the ransom being demanded? Shouldn’t the risk of losing human lives be a strong reason to ignore what the FBI says and pay the ransom?

How about when crucial parts of our infrastructure are at risk? Food supplies? Electricity? Water? Fuel pipelines? Colonial Pipeline controlled a major part of the fuel supply to the East Coast. Being shut down for just a few days triggered severe fuel shortages and fuel hoarding.

Should we agree that if human lives are at risk or if the attack could affect millions of people we should always pay the ransom? Where do we draw the line? According to a Kaspersky study last year, 56% of ransomware victims paid the ransom but a quarter of those never got their data back. Should you pay the ransom if there is a 1 in 4 chance that it won’t do any good and you will never recover your data?

So should you pay or not? The answer for many is “it depends.” You need to take multiple factors into account and make the best decision for your organization.

  • Are lives at risk?
  • If you can recover the data, how long will it take?
  • Would the cost of downtime to recover data cost more than the ransom demand?

There is no easy answer to the “Pay or Nay?” question when it comes to ransomware. The FBI says to never pay. When the ransom is paid you are encouraging the attacks to continue and could be contributing to larger criminal enterprises. However, if the loss of data could cause the loss of human lives or affect millions of people by disrupting the food supply chain the decision is not so easy. By shutting down meat plants as in the JBS case and by cutting off fuel supplies as was the case with Colonial Pipeline, these ransomware attacks are affecting millions of consumers. We can understand why these organizations decided to pay; the cost of not paying was far greater than the price of the ransom. Hopefully, we can all learn from these attacks and prioritize putting resources into cybersecurity prevention and detection.

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend