The FBI says not to do it.
Every CISO I've interviewed at our SecureWorld cybersecurity conferences says not to do it.
But hospital president and CEO Steve Long did do it.
He paid the ransom demand after ransomware locked up the hospital's network.
The hackers hit Hancock Regional Hospital during a severe 2018 flu season. That was a factor in the decision to pay.
Now, the CEO is sharing what the ransomware attack looked like in the hours following the incident, and why the hospital ultimately paid four Bitcoin worth $55,000 to get the decryption keys from hackers.
"By 10:30 that night we had shut down every single computer that we had and all our servers," Long recalled about the Thursday night in January. "By midnight we successfully shut off every computer in the organization and started from scratch. It's surreal," he told CNBC.
And, oh yeah, the hackers got in through a vendor's compromised credentials. Third-party security risk strikes again.
Check out the CNBC ransomware article for more, and then ask yourself: At my organization, is there a point at which paying the ransom would make sense to the business?