Ransomware: To Pay Or Not To Pay (Credit: Pexels) Ransomware is a growing threat for utilities, as most recently evidenced by the May attack on Colonial Pipeline, and cybersecurity has been cited as a top ESG concern, according to the RBC Global Asset Management Responsible Investment Survey. Whether or not to pay large sums of money to attackers is hotly debated. In Colonial’s case, the company ultimately made the decision to pay about $5 million in ransom – out of concern for prolonged pipeline outage resulting in energy shortages – though federal investigators were able to recover more than half of that. Colonial worked closely with government agencies, law enforcement officials, and several consultants, including Dragos, Mandiant Threat Intelligence and Black Hills Information Security, to determine its strategy to address the attack.