{"id":21615,"date":"2018-12-10T15:00:16","date_gmt":"2018-12-10T15:00:16","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=542383"},"modified":"2018-12-10T15:00:16","modified_gmt":"2018-12-10T15:00:16","slug":"what-happens-when-victims-pay-ransomware-attackers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/","title":{"rendered":"What Happens When Victims Pay Ransomware Attackers?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"235\" height=\"300\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/social-235x300.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt=\"\"\/><\/p>\n<p>For many hackers around the globe, ransomware infections have become a lucrative business. Although these types of malware samples have been around for years now, they continue to spur success \u2013 and high monetary profits \u2013 for attackers.<\/p>\n<p>In fact, according to a statement from U.S. Deputy Attorney General Rod Rosenstein during the 2017 Cambridge Cyber Summit, ransomware attacks now impact <a href=\"http:\/\/www.govtech.com\/security\/Inside-the-Profitable-Underworld-of-Ransomware.html\">over 100,000 endpoints on a daily basis<\/a>. The severity of these infections and the frequency at which victims pay up on ransom demands has enabled attackers to rake in nearly $1 billion in successful payments, Government Technology reported.<\/p>\n<p>However, not every attack is the same, and even in cases when victims pay hackers\u2019 demands, access to data is not always returned.<\/p>\n<h3><strong>To pay or not to pay?<\/strong><\/h3>\n<p>When a ransomware notification appears on-screen, there are numerous questions and considerations that immediately jump to mind. How will the organization support daily operations? How will users access important files and data? Are there backups in place that the business can fall back on?<\/p>\n<p>One of the top questions, though, is whether or not to pay the ransom.<\/p>\n<p>In 2016, the FBI, which is keeping a close eye on the spread and severity of ransomware infections, noted that <a href=\"https:\/\/www.forbes.com\/sites\/haroldstark\/2017\/02\/28\/when-attacked-by-ransomware-the-fbi-says-you-shouldnt-pay-up\/#684c1149f5e6\">victims shouldn\u2019t give in to demands<\/a> and should not pay attackers\u2019 ransoms, Forbes reported. As demonstrated by Kaspersky Labs\u2019 data, this advice is sound, as approximately one in every five companies that fall victim to an attack and pay the ransom <a href=\"https:\/\/www.kaspersky.com\/blog\/cryptomalware-report-2016\/5971\/\">do not receive the promised decryption key.<\/a><\/p>\n<p>In other words, businesses are out money and are not returned access to their critical applications, files and data.<\/p>\n<p>\u201cUnfortunately, however, as is the case with most ransomware attacks, the stakes of losing years worth of important data is always quite high and the ransom demanded usually very small, leading most victims to give in to the attacker\u2019s demands before even reaching out to law enforcement,\u201d explained Forbes contributor Harold Stark.<\/p>\n<p>Let\u2019s examine a few real-world ransomware infection cases, and what can happen when victims do decide to pay attackers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-542384\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/blog-1.jpg\" alt=\"\" width=\"800\" height=\"420\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/blog-1.jpg 800w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/blog-1-300x158.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/blog-1-768x403.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/blog-1-640x336.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/blog-1-440x231.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/12\/blog-1-380x200.jpg 380w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\"\/><\/p>\n<p><em>Numerous businesses who fall victim to cyberattacks don\u2019t often get the promised description key.<\/em><\/p>\n<h3><strong>Indiana hospital pays $55,000 after SamSam infection<\/strong><\/h3>\n<p>According to ZDNet, an Indiana-based hospital, Hancock Health, <a href=\"https:\/\/www.zdnet.com\/article\/us-hospital-pays-55000-to-ransomware-operators\/\">elected to pay $55,000<\/a>, or the equivalent value of 4 Bitcoin at the time, after its systems were seized by ransomware sample SamSam. Despite immediate awareness and notification by employee end users, the hospital\u2019s IT team wasn\u2019t able to stem the spread of the pervasive ransomware sample.<\/p>\n<p>All told, the infection impacted nearly all of the hospital\u2019s key IT systems, and users were locked out of email, the electronic health record system and other internal platforms. This includes more than 1,400 files, which were encrypted by attackers and renamed as \u201cI\u2019m sorry.\u201d<\/p>\n<p>The sample used in this case, SamSam, seeks out vulnerable servers, and is able to spread to other machines within the network, enabling a quick and widely-scoped attack. And as ZDNet contributor Charlie Osborne pointed out, hackers will make decisions about the ransom amount based on how far SamSam spreads within the victim\u2019s infrastructure.<\/p>\n<p>\u201cKnown for use in targeted rather than opportunistic attacks, SamSam can be used in web shell deployment, batch script usage for running the malware on multiple machines, remote access and tunneling,\u201d Osborne explained.<\/p>\n<p>After the initial infection and ransom demand, hospital administrators were given a week to pay the ransom or risk losing their files and data forever. Although the organization did have backups in place \u2013 a key data security best practice \u2013 it elected to pay the ransom. IT administrators at the hospital explained that while the backups could have been leveraged to recover data and files decrypted by hackers, this process would have taken days, or even weeks. What\u2019s more, after shifting certain work activity to a manual, pen-and-paper basis for two days, the hospital simply needed a quick resolution.<\/p>\n<p>Unfortunately, the hospital is far from the only organization to be infected with the pervasive SamSam sample \u2013 in the spring of 2018, Trend Micro reported on a case <a href=\"https:\/\/www.trendmicro.com\/vinfo\/in\/security\/news\/cybercrime-and-digital-threats\/samsam-ransomware-suspected-in-atlanta-cyberattack\">involving the city of Atlanta<\/a>. During that attack, the city\u2019s local services, including citizen-facing platforms used to pay bills or access court data, were made unavailable. In this instance, hackers demanded $6,800 to decrypt a single computer or $51,000 for a full decryption. City officials worked with their\u00a0internal IT team and Microsoft to restore access.<\/p>\n<h3><strong>Kansas hospital hit with second infection after paying ransom<\/strong><\/h3>\n<p>While the Indiana hospital infected by SamSam was able to regain its files and data after paying hackers\u2019 ransom, not every organization is so lucky.<\/p>\n<p>According to HealthcareITNews contributor Bill Siwicki, Kansas Heart Hospital in Wichita was the <a href=\"https:\/\/www.healthcareitnews.com\/news\/kansas-hospital-hit-ransomware-pays-then-attackers-demand-second-ransom\">victim of a ransomware attack<\/a> in mid-2016. While patient data contained within the hospital\u2019s electronic health records system was not impacted and daily operations were able to continue, officials decided to pay the ransom.<\/p>\n<p>Unlike the Hancock Health case, though, access to files and data was not returned, even after the \u201csmall amount\u201d in ransom was sent to attackers. Instead, hackers demanded a second ransom and systems impacted by the initial infection remained locked.<\/p>\n<p>\u201cKansas Heart Hospital did not pay the second ransom request and said that along with consultants it did not think that would be a wise move, even though attackers still appear to have some of their data locked,\u201d Siwicki wrote.<\/p>\n<p>This hospital\u2019s experience isn\u2019t as unique as it might seem, though. Health care security expert Ryan Witt told Siwicki that hackers will often take part in a \u201ctried and tested dance\u201d wherein they demand a small ransom amount, and then demand a second, higher amount once the first is paid.<\/p>\n<p>\u201cDemands for funds are soaring, and the problem is organizations are paying,\u201d Witt noted. \u201cRansomware will get worse before it gets better.\u201d<\/p>\n<h3><strong>Addressing ransomware: Trend Micro\u2019s File Decryptor<\/strong><\/h3>\n<p>As these cases have shown, paying up in the hopes that a ransomware attack will end is not the best strategy. It\u2019s imperative that organizations have backups of all of their critical files and data, and that these are stored in the cloud or another separate, off-site location. In this way, should an attack take place, IT admins can recover using the company\u2019s backups.<\/p>\n<p>In addition, Trend Micro has established a solution specifically to address the issue of ransomware attacks: the Trend Micro Ransomware File Decryptor. This tool works to decrypt and restore files and data impacted by certain ransomware families. As of May 2017, limited decryption support was added for WannaCry, following the widespread impact of the sample.<\/p>\n<p>To find out more about Trend Micro\u2019s File Decryptor, <a href=\"https:\/\/success.trendmicro.com\/solution\/1114221-downloading-and-using-the-trend-micro-ransomware-file-decryptor\">check out this guide<\/a>. And visit our blog to learn more about <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/why-ransomware-works-tactics-beyond-encryption\/?_ga=2.212580692.1917925082.1539717484-412943378.1522103461\">why ransomware attacks continue to be successful<\/a> for hackers.<\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/what-happens-when-victims-pay-ransomware-attackers\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For many hackers around the globe, ransomware infections have become a lucrative business. Although these types of malware samples have been around for years now, they continue to spur success &#8211; and high monetary profits &#8211; for attackers. In fact, according to a statement from U.S. Deputy Attorney General Rod Rosenstein during the 2017 Cambridge&#8230;<br \/>\nThe post What Happens When Victims Pay Ransomware Attackers? appeared first on . Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":21616,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[311,5065,5066,46,5067,91,307],"class_list":["post-21615","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-current-news","tag-decryption","tag-decryptor-tool","tag-encryption","tag-file-decryptor","tag-ransomware","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Happens When Victims Pay Ransomware Attackers? 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Happens When Victims Pay Ransomware Attackers? 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-10T15:00:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/what-happens-when-victims-pay-ransomware-attackers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"235\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"What Happens When Victims Pay Ransomware Attackers?\",\"datePublished\":\"2018-12-10T15:00:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/\"},\"wordCount\":1137,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/what-happens-when-victims-pay-ransomware-attackers.jpg\",\"keywords\":[\"Current News\",\"decryption\",\"decryptor tool\",\"Encryption\",\"file decryptor\",\"ransomware\",\"Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/\",\"name\":\"What Happens When Victims Pay Ransomware Attackers? 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/what-happens-when-victims-pay-ransomware-attackers.jpg\",\"datePublished\":\"2018-12-10T15:00:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/what-happens-when-victims-pay-ransomware-attackers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/what-happens-when-victims-pay-ransomware-attackers.jpg\",\"width\":235,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-happens-when-victims-pay-ransomware-attackers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Current News\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/current-news\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Happens When Victims Pay Ransomware Attackers?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Happens When Victims Pay Ransomware Attackers? 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/","og_locale":"en_US","og_type":"article","og_title":"What Happens When Victims Pay Ransomware Attackers? 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-12-10T15:00:16+00:00","og_image":[{"width":235,"height":300,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/what-happens-when-victims-pay-ransomware-attackers.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"What Happens When Victims Pay Ransomware Attackers?","datePublished":"2018-12-10T15:00:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/"},"wordCount":1137,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/what-happens-when-victims-pay-ransomware-attackers.jpg","keywords":["Current News","decryption","decryptor tool","Encryption","file decryptor","ransomware","Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/","url":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/","name":"What Happens When Victims Pay Ransomware Attackers? 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/what-happens-when-victims-pay-ransomware-attackers.jpg","datePublished":"2018-12-10T15:00:16+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/what-happens-when-victims-pay-ransomware-attackers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/what-happens-when-victims-pay-ransomware-attackers.jpg","width":235,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/what-happens-when-victims-pay-ransomware-attackers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Current News","item":"https:\/\/www.threatshub.org\/blog\/tag\/current-news\/"},{"@type":"ListItem","position":3,"name":"What Happens When Victims Pay Ransomware Attackers?"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/21615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=21615"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/21615\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/21616"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=21615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=21615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=21615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}