The case shows that disciplined negotiation and data‑sensitivity assessment can prevent wasteful ransom payments, shaping how organizations respond to ransomware threats.
The video recounts how a university‑level organization chose not to pay a $1.25 million ransom after a protracted negotiation with the LockBit ransomware gang. Executives, including the president, CFO, and legal counsel, weighed the threat, the alleged data volume, and the potential impact before reaching a consensus to refuse payment.
Negotiators deliberately prolonged discussions, extracting file‑path listings and demanding proof of the claimed 75 GB of stolen data. The attackers later inflated the figure to roughly 380 GB, but the organization’s analysts could not locate such data in their systems. By the deadline, the gang released only about 2.5 GB, revealing that the earlier claims were largely bluff.
Key moments include the team’s assessment that the exposed files likely contained limited FERPA information and no HIPAA‑protected data, and the internal debate among senior leaders and outside counsel. The decision hinged on the low sensitivity of the data versus the steep ransom, ultimately saving the institution a million‑plus dollars.
The case underscores the value of thorough forensic analysis, strategic negotiation, and cross‑functional leadership in ransomware incidents. While this organization avoided a costly payout, the outcome highlights that each breach must be evaluated on its own data‑sensitivity and risk profile, informing broader cyber‑risk management strategies.