That requires you to have that kind of data. The company could have been operating legally and not have compromising stuff. The ransomware team gains nothing if a company refuses to pay and has everything to lose by hacking. If their price is too high they are taking on a lot of risk for no reason. Hackers are smart people (I find breaking the law to be a bad decision, but if one does it knowing the consequences and mitigations then they aren't dumb, just unethical).
nstj|4 years ago
ben509|4 years ago
Arguably the bigger problem is you don't know that the ransomer will actually give you a valid key, but suppose you guess a likelihood P that they do.
Now you have some scenarios:
1. Don't pay. We're out $C.
2. Do pay, and get a valid key. We're out $R.
3. Do pay, and get no key. We're out $R + $C.
So the limit is at scenario 1 being equal to the combination of 2 and 3.
Set C = PR + (1-P)(R + C), and your max ransom R = CP
(You could probably work in additional costs for cleaning up even if the ransom is paid.)
xphos|4 years ago