About 20 years ago now, I was on a file sharing website, yes, I now know that was wrong, but I was a lot younger then and FOSI was all the rage. I assume some will still remember FOSI.
I downloaded a copy of a then very popular instant messaging and VoIP client. I will not mention the name as there was nothing wrong with the client, other than someone had managed to piggyback, and I ended up downloading a malware virus.
The Malware was known at that time as the Police Virus, because it would announce itself as the local constabulary and they knew what I was doing and they had my IP address and picture.
It stated that my files had been locked and to get them back, I would need to pay them money.
Panic set in, as first of all I needed my PC to run my business, but I was also now wondering what information did they actually have about me. My mind was racing, and I could not get into my PC to check.
The fact was, they had not encrypted my hard drive, only locked me out and I was able, through safe mode to find the offending article in the startup directory and delete it.
Scroll forward 20 years and these monkeys are still out there. The difference is that now encryption means encryption and safe mode will not cut it anymore.
They will lock your data away, and you will never see it again.
I have had conversations with IT professionals who say, do not pay them, as this will only cause you more loss and they will keep coming back for more money. Others say, pay up, as £10,000.00 is much less than what you might lose.
The fact is, that these people are now struggling to make a living, because data is not held centrally anymore, but in the cloud, and locking down your hard drive, while an inconvenience, will not stop you from trading.
What will stop you from trading, is what they know about you and your business.
So my advice is to implement robust Information Security Controls, have multiple backups on the cloud and never, ever pay these people a penny.
If data security is important to you and your clients, get it gripped and implement ISO27001.