An article from Symantec explains why organizations that find themselves victims of ransomware should not pay the fees demanded by perpetrators. As the author notes, security experts and law enforcement agencies, including the FBI, recommend that victims not give in to ransomware attackers’ demands, yet they are aware that many victims elect to pay. The author examines this recommendation in light of recent real-world ransomware attacks, some in which victims paid and some in which they did not. Among these is the Ryuk ransomware attack on the Onslow Water and Sewer Authority (ONWASA) that occurred last month (navigate to WaterISAC’s portal page on the attack and the materials from its October Cyber Threat Briefing for more information). According to Symantec, the utility set about rebuilding its system from backup rather than pay the ransom. Any ransom monies “would be used to fund criminal, and perhaps terrorist activities in other countries. Furthermore, there is no expectation that payment of a ransom would forestall repeat attacks. ONWASA will not negotiate with criminals nor bow to their demands,” said utility officials in a statement. Symantec.