Imagine this: you work for a private investment fund manager, one of its portfolio companies has discovered ransomware barring it from accessing the majority of its IT systems, and the cyber-threat actors are demanding a ransom before they will hand over the decryption key. Within two days the ransom will exceed the company’s cyber insurance coverage and it will need a cash injection from the investment fund to satisfy the ransom demand. What do you do? The first of this two-part guest series by Proskauer partners Ryan P. Blaney, Margaret A. Dale, Dorothy Murray, Todd J. Ohlms and Jonathan M. Weiss considers immediate incident response steps and analyzes whether to pay a ransom, from U.S., U.K. and E.U. perspectives. The second part will consider the notification obligations and other consequences of a ransomware attack. See “A Look Inside Businesses’ Private Disputes Over Ransomware Costs” (Aug. 18, 2021).