The debate over whether to pay or not to pay the ransom once your system is encrypted is heating up. Yesterday, the US Conference of Mayors approved a resolution coming down in favor of not paying cybercrooks. There are arguments on either side of the question. Paying the ransom creates a huge incentive for ransomware crooks to keep plying their trade.
However, in many cases, the costs of not complying with the demand can cost many millions more than paying and may not be a realistic option for some smaller cities. And once your system is compromised with ransomware there may be residual malware left behind and the only way to totally reduce that risk is to build back from bare metal. Discuss here: