The use of ransomware has spiked in recent years: Roughly 40 percent of all spam emails in 2016 contained ransomware, according to a recent IBM Security study.
Part of the reason is simply that it works: Nearly 70 percent of business victims surveyed by IBM said they paid hackers to recover data. The incentives of hackers are straightforward -- they're looking for a big payday -- but it's less clear whether their victims should cooperate.
"It's very simple in my mind," said Michael Duff, the CISO for Stanford University, on a ransomware panel at the RSA Conference in San Francisco on Monday. "If you're not able to reconstitute a system in the timeframe you need, and you need it up and running, pay the ransom."
Neil Jenkins, of the Homeland Security Department's Enterprise Performance Management Office (EPMO), said, "From the US government perspective, we definitely discourage the payment of ransom."