Top 5 Companies That Refused to Pay Hackers a Ransom

At the end of May 2025, the largest cryptocurrency exchange in the U.S., Coinbase, became the target of a hacker attack. The attackers copied customers' personal data and then began contacting them while impersonating Coinbase, coercing users into transferring cryptocurrency. The hackers also demanded a ransom directly from the exchange - but were met with a firm response: Coinbase refused to pay the $20 million and sought help from law enforcement.
This is a striking example of a company standing its ground against cybercriminals. Let’s take a look at several other similar cases where businesses chose resistance over ransom.
- LockerGoga ransomware attack on Norsk Hydro
In March 2019, Norwegian aluminum producer Norsk Hydro was hit by the LockerGoga ransomware. This malware operated unusually: it didn’t rely on phishing and only spread based on direct hacker commands - and it was highly destructive. Despite the scale of the attack, Norsk Hydro refused to pay the ransom and spent three weeks recovering its systems independently. The total damages exceeded $70 million.
- Major data breach at Latitude Financial
Australian financial services company Latitude Financial declined to pay a ransom to hackers who breached its systems in March 2023. The attackers gained access to the personal data of 14 million customers. Nevertheless, Latitude chose not to negotiate with the criminals. The company’s financial losses were estimated at $76 million.
- CD projekt SA data breach
In February 2021, game developer CD Projekt Red was targeted by a ransomware attack. Hackers gained access to a significant amount of corporate and player data, but the company firmly refused to pay the ransom. Later, it was revealed that the stolen data was sold on the dark web for $7 million, though the buyer’s identity remains unknown.
- Cyberattack on Ritzau news agency
In November 2020, Denmark’s news agency Ritzau was hit by ransomware that infected its servers and halted newsroom operations. To resolve the crisis, Ritzau hired an external digital forensics firm. The exact amount of financial loss was never disclosed. The ransom demand also remained unknown, as the company never opened the hacker's message. As a result, the identity of the perpetrators also remains a mystery.
- Rhysida ransomware attack on port of Seattle
In August 2024, the Port of Seattle was attacked by the Rhysida ransomware group. Hackers gained access to computers and encrypted critical data. The disruption impacted multiple services at Seattle-Tacoma International Airport (Sea-Tac), forcing staff to revert to manual operations. Some maritime activities at the port were also delayed. However, no ransom was paid, and the port did not disclose the extent of its financial losses.

Fill out the form below, and we’ll get in touch with you right away to discuss a plan to protect your business!