Depending on the complexity of the environment and the amount of data encrypted, this could cost the organization more than the ransom, perhaps even 10 to 20 times the amount.
- What would you do if you were the cybersecurity analyst that had to advise the city of Baltimore and/or the smaller cities?
- Would you pay the ransom? Consider both sides of the argument by conducting internet research to understand the different viewpoints. When you are ready, explain why you would or would not pay the ransom.
- If you agree to pay the ransom, what are you going to tell the CEO if the hackers don’t end up providing the decryption key to unlock the files or come back and ask for even more money?
- If you don’t agree to pay the ransom, what are you going to tell the CEO, especially if the costs to restore far exceed the ransom?
- Are there ethical considerations? If your organization pays, will other organizations be vulnerable to similar attacks on their systems?
- Would you have a different decision if you were working for a small organization like Mercury USA?