
Ask HN: Why are companies paying ransomware fees? - a_lifters_life
Can anyone explain?
======
DanielStraight
Obviously it would be better in the long-term, global perspective for no one
to pay. If no one paid, no one would continue making ransomware.

But that requires that everyone hit by ransomware before people give up on
making it be willing to sacrifice their own good for the good of those who
would be hit after them, since equally obviously it's better for a company to
lose $20k than $20MM worth of information.

It is very difficult to get people to sacrifice their own good for the good of
others in the future, even when that future global good vastly outweighs the
present local good.

See also: Climate change

------
davismwfl
It is simple, as others have said. It is a small cost to pay to get back in
business quickly.

That said, what is going to happen is no different than what has happened in
history for other forms of "terrorism" (which essentially ransomware is,
someone is terrorizing an organization by holding them hostage).

Once a company has been hit multiple times or has had enough the company will
assemble one or more response teams, they will spend money to go after the
people and start preventing it, that is when companies will stop paying.
Companies already get the authorities involved, but face it that is an
investigation after the fact right now. It won't change until companies
essentially protect themselves better and become more offensive in nature,
which in some corners they are doing. BTW -- offensive doesn't mean they are
out killing people, just that they are putting on an offense to prevent this
stuff instead of waiting for shit to happen and being forced into paying a
ransom.

~~~
a_lifters_life
Do you consider this an assumption?

> It is a small cost to pay to get back in business quickly.

There's no guarantee by paying the ransom that you receive your data.

------
davide101
Because the cost of paying is often far lower than the cost of not paying due
to lost productivity.

------
barefootcoder
I think that this is basically a case of the Prisoner's dilemma. In the
long-term, big-picture, it would be best not to cooperate, but each business that
has been targeted is in a situation where they need immediate access to their
files. Their immediate survival is at stake and they can't afford to make an
investment in the long-term view. While it doesn't exactly parallel the formal
statement of the dilemma (all victims not participating wouldn't get their
files back), in the long term it does by removing the motive for creating the
ransomware in the first place.

https://en.wikipedia.org/wiki/Prisoner%27s_dilemma

------
iSloth
Because they forgot to pay for backups, so don't have a copy of the data they
need.

------
draw_down
Well, what's your proposed alternative?

~~~
chatmasta
Use git?

------
id122015
For the same reasons we pay taxes.

It's not that we are not capable to crowdfund the construction of a bridge
without gov. intervention.

