When you don't pay ransomware, several consequences can occur:

1. Data Loss: Ransomware typically encrypts your files or locks you out of your system until a ransom is paid. If you refuse to pay, you risk losing access to your important data permanently.
2. Financial Impact: The cost of recovering from a ransomware attack can be substantial. Even if you have backups, restoring your systems and data can be time-consuming and expensive.
3. Reputation Damage: If your organization's data is compromised or leaked as a result of not paying the ransom, it can lead to a loss of trust from customers, partners, and stakeholders.
4. Legal Consequences: Depending on the nature of the data affected by the ransomware attack, you may be legally obligated to report the incident to authorities or face penalties for non-compliance.
5. Further Attacks: Paying the ransom doesn't guarantee that you'll regain access to your systems or that the attacker won't strike again. In fact, it may make you a target for future attacks, as the attacker knows you are willing to pay.

It's important to note that the decision of whether to pay the ransom or not is complex and depends on various factors, such as the value of the data, the reliability of backups, and the likelihood of successfully recovering the data without paying.

References:

• FBI - Ransomware Prevention and Response for CISOs
• Cybersecurity and Infrastructure Security Agency - Ransomware
• Microsoft Security Blog - Ransomware Groups Continue to Target the Healthcare Industry: Here's How to Reduce Risk