They refuse to pay a ransom... and fund cybersecurity
Cybersecurity: your company is paralyzed by a cyberattack. Stolen data, locked systems, a ransom demanded. Panic, stress, media pressure. A

Imagine: your company is paralyzed by a cyberattack.
Stolen data, locked systems, a ransom demanded.
Panic, stress, media pressure.
And then, instead of negotiating in the shadows...
You do the opposite of everyone else.
You refuse to pay,
you publicly apologize,
and you hand the money demanded over to cybersecurity researchers.
Madness? A PR stunt? Or just plain logic?
Yet that is exactly what really happened this week.
And it may be the most courageous act we have seen in the digital world in a long time.
We saw it go by like a rare anecdote, almost unreal, in the flow of cyber news:
A company hit by ransomware refused to pay, publicly apologized to its customers...
...and gave the equivalent of the ransom to a cybersecurity research organization.
A drop of ethics in an ocean of denial.
But what we are a little too quick to call a "miracle" says a great deal about the state of our cyber culture today: we marvel at behavior that, in theory, should be... the norm.

What 90% of companies do... in silence
In the vast majority of cases, companies hit by ransomware keep a low profile.
They try to limit the damage:
- downplay their communication;
- negotiate with the attackers;
- sometimes even pay the ransom on the quiet.
Why? To "protect their reputation," "buy time," or because insurers push them in that direction.
But this short-term management reflex only feeds the business model of cybercriminals.
Every ransom settled is encouragement for the next one.
The courage to do things differently
Refuse to pay, communicate transparently and turn the crisis into an opportunity for the common good?
That is a triple counter-move.
And yet, that is what this company did.
Rather than giving in:
- It told the truth.
- It owned up to its responsibilities.
- And it decided that the money would not fund crime, but the solution.
It did not "buy back" its image. It made a matter of principle.
When paying makes the problem worse
You often hear: "Better to pay, get the data back, and move on."
But the reality is that:
- In 30 to 50% of cases, the data is not fully recovered.
- In 80% of cases, it is reused or resold.
- And in 100% of cases, the payment funds a new attack.
So it is not a "lesser evil."
It is a headlong rush.
Turning a crisis into a strong signal
What this company just did is change the narrative:
- It does not cast itself as a victim.
- It does not hide behind technology.
- It does not settle for "managing."
It sends a clear message:
"Cybersecurity is a collective issue.
We did not measure up, so we are taking part in the solution."
And this simple gesture could have more impact than all the awareness reports in the world.
Why this is a signal worth hearing
This case proves one essential thing:
cybersecurity is not a matter of servers, it is a matter of culture.
Of posture. Of values.
You do not need to be an expert to make the right choices.
But you have to dare to make them.
We need leaders capable of saying:
"We were not perfect. But we are not going to make things worse."
What if this were real digital leadership?
Because the real question is not "how to protect yourself 100%."
(Hint: it is impossible.)
The real question is:
- How you respond when it happens.
- What example you set.
- What contribution you make to the ecosystem.
Today, every digital organization lives in a high-risk environment.
But risk does not justify passivity.

What I take away from it (and have always argued)
In my book Être en cybersécurité, I never promised any "miracle solution."
But I have always argued a simple idea:
You do not build security on fear, but on clear-sightedness.
And sometimes, the only real bulwark is the courage to say no.
It is not for ransomware to write the rules of the game.
And it is not for companies to feed its parallel economy.
And now?
Will this case become the norm? Probably not.
But it is a weak signal worth amplifying.
An example we can hold up against every complicit silence.
A gesture that shows digital dignity still exists.
And if it needs saying loud and clear:
No, you must not pay ransoms.
But yes, you can do better than survive an attack.
You can draw a lesson from it that helps everyone.
Would you like a LinkedIn or X version based on this one? We can also structure it as a special newsletter if you want to publish it tonight or tomorrow.
Questions fréquentes
What did this ransomware victim do?
Instead of negotiating in the shadows, it refused to pay, publicly apologized to its customers and gave the equivalent of the ransom to a cybersecurity research organization.
Why should you not pay a ransom?
Because paying does not guarantee you get your data back and, in every case, it funds a new attack. It is a headlong rush that feeds the cybercriminal economy.
Is cybersecurity a purely technical problem?
No. This case shows that cybersecurity is above all a matter of culture, posture and values. You do not need to be an expert to make the right choices, but you have to dare to make them.
How is this gesture a matter of digital leadership?
Because the real question is not how to protect yourself 100%, which is impossible, but how to respond when the attack comes, what example you set and what contribution you make to the ecosystem.

Être en cybersécurité
Une feuille de route cyber en clair, pour tout le monde, pas seulement les experts.
