Skip to main content
Small business meeting to determine how to protect the business from ransomware attacks and how to not pay the ransom.

Should you pay the ransom demanded by malicious actors after a successful ransomware attack? Probably not. While it can sometimes be cheaper to pay the demanded ransom instead of restoring network backups or working with a cybersecurity service provider to decrypt your data, the malicious actors will not always keep their word and send the promised decryption key. Also, they may take further action to harm your network, even if you pay the ransom. In this article, we want to talk about what can happen after paying a ransom, steps SMBs should take after a ransomware attack, and some of the best ways to protect your business!

Should You Pay the Ransom?

When a business complies with a hacker’s demands and pays the requested ransom, the attacker is supposed to then send the required decryption keys needed to restore the network. Sometimes, however, the attackers will not send the decryption keys and demand further ransom. Attackers can also perform a double extortion attack and threaten to use the information they have stolen to attack a company’s clients and contractor’s unless they pay the hacker group more money. In some cases, attackers will send the decryption keys as promised before selling sensitive data they stole and setting up follow-up attacks because they know that company will pay the ransom.

What to do After a Ransomware Attack

If malicious actors successfully attack your business with ransomware, then your IT department must act quickly to mitigate the possible damage done to the network. Pre-prepared emergency response plans put in place by the business must be followed closely, and IT staff must identify any reliable ways to recover the network, such as by restoring it to a recent backup. If your company does not have emergency plans in place or needs help navigating the situation, a local IT consultant may be able to help. It is also important to identify any clients or third parties the company may be legally required to notify, depending on the type of information managed by the business.

Preventing Ransomware Attacks

Malicious actors that launch ransomware attacks often target the same company multiple times after they know the business will pay the ransom. To prevent subsequent attacks from occurring, it is critical that a business works with an IT consultant to have a thorough network assessment. With the right recommendations, swift action can be taken to prevent follow up attacks from occurring and verify that the hackers no longer have lingering access to the business’ network. Even if a ransomware attack has not been launched against your business, working with an IT consultant to implement the right security layers and monitor your network appropriately can prevent potential attacks targeting your business.


Ransomware attacks can cause a business to close its doors overnight, and choosing to pay the ransom demanded by hackers can sometimes lead to further attacks and damage to the business. This means that preparing for potential attacks and planning for how to handle a successful one can have enormous consequences for a business. Here at Robinett Consulting, our team believes small businesses should develop a strong cybersecurity posture to lower chances of them having to decide to pay the ransom or not. Our IT specialists offer threat assessments and expert IT advice on how to better defend your network from hackers!

Robinett Consulting

Author Robinett Consulting

At Robinett Consulting, we are your consultative partner who strives to grow your business and have technology truly enabling you. We aim to understand you and your business so that you do what you do best unhindered by your IT.

More posts by Robinett Consulting