May 21—Earlier today, reports indicated that Colonial Pipeline shelled out 75 bitcoin, roughly $5 million, in order to retrieve ransomed files from hackers.
Although organizations such as the US Federal Bureau of Investigation condemn ransomware payments, in select instances paying can be lifesaving, either figuratively or literally.
In such cases, organizations typically lack the infrastructure, the remediation tools or the time to restart systems from backups. Organizations may contend that it’s easier to quietly pay ransom fees and move on.
Notably, as many as 45% of US companies pay cyber criminals for file restoration. However, only 26% of those paying extortion demands have had their files unlocked.
The price is right
For hackers, ransom extortion is a game. Can they accurately predict how much a company is willing to pay in fees? Many ransomware gangs try to. Ransomware attackers are known to assess their targets’ financials ahead of showtime. As a result, hackers can set a price that a victim is likely to pay.
Ransom payment punts
Cyber security experts and policy makers alike have complex and, at times, contradictory views regarding ransom payments. As ransomware has become a matter of national security in the US, will authorities take a tougher stance?