"You can negotiate," Hay said, comparing it to cutting a deal with a collection company. "If you ask, 'What will it take to make this go away today?' you can end up paying less."
But, an outright refusal (which is recommended by many in law enforcement) increases the likelihood that your data won't "survive."
"It's very hard to figure out decryption keys," he said.
So, as is the case in the physical world, preparation is key.
"You need preventative tools, detection tools, restorative tools, crypto currency stockpile, a business risk assessment, cyber insurance, education and table-top exercises," he said.
He added that he knows maintaining a supply of crypto currency is controversial, but said it is simply dealing with reality. "If you don't have a Bitcoin supply, then you should at least know a broker," he said.
Sign up for Computerworld eNewsletters.