'You Can't Just Concede.' How One Expert Explains Negotiating With Cybercriminals

Colonial Pipeline reportedly paid nearly $5 million worth of bitcoin to recover its data from cybercriminals who had hijacked the company's computer systems. The shutdown disrupted gas supplies across large parts of the South and East Coast.

The hackers used ransomware, which takes control of a victim's computer and locks them out of their data unless they agree to pay an anonymous hacker, usually in cryptocurrency. Hackers may also threaten to leak a company's sensitive data to the public unless paid to keep quiet.

Thousands of institutions fall victim to ransomware attacks each year in the U.S., including local governments, small businesses, schools, hospitals, airports and more. Law enforcement discourages paying the extortionists, but many businesses do. Surveys suggest at least a quarter of victims pay up, with payments often in the tens or even hundreds of thousands of dollars.

Data is spotty, though, because many companies don't report attacks. And even if they pay, there's no guarantee they'll recover all their data.