Organizations hit by ransomware should not pay the ransom according to 79% of respondents from a recent online poll run by Menlo Security. 

According to the poll, which garnered 8,571 responses, 20% of respondents believe that they should pay the demands, respondents also think that tougher penalties should be given to criminals who steal company data and extort organizations, with more than two thirds (69%) demanding prison sentences. Seven percent of respondents believe that a large fine or community work would be an adequate penalty; however,16% admit that the attackers will probably never be caught.

This follows recent high-profile attacks that led to Colonial Pipeline in the U.S. paying over $4 million in Bitcoin to cyber criminals and Travelex paying $2.3 million to regain control after hackers shut down its financial transaction networks. Such is the severity of the situation that six out of ten respondents think that ransomware attacks should be treated the same as terrorist attacks.

As the number of ransomware attacks against critical infrastructure organizations including transportation, healthcare and energy increase, responsibility for their protection should fall firmly at the feet of the government, say 55% of poll respondents. Nearly a quarter (23%) point to organizations to be more accountable, while 12% believe it rests with the cybersecurity industry as a whole.