Too often we read news articles about counties and cities that have been hit by ransomware. In many of these instances, public safety has also been affected. These local governments and agencies must face a difficult decision: "Should we pay the ransom?" This topic of “paying the cyber-criminal’s extortion demands” has not been given a very deep analysis, especially considering the impact of these attacks. As part of a good Incident Response Plan, this topic should be addressed in advance of the emotion surrounding a cyber-crisis.