To pay or not pay a hacker’s ransomware demand?…
A recent call for city leaders to stop paying ransomware demands underscores the need for municipalities to step up their cyber practices and have a good backup process in place.
Baltimore Mayor Jack Young announced last week that the U.S. Conference of Mayors (UCSM) passed a resolution calling on mayors to oppose the payment of ransomware attackers. The resolution states that “at least 170 county, city or state government systems have experienced a ransomware attack since 2013” with 22 of those occurring in 2019 so far.
One of those cities is Young’s own Baltimore, which was crippled by a Robbinhood ransomware attack on May 7, causing well more than a month’s worth of turmoil and city service outages that brought down real estate sales in the city and ultimately cost $18 million (and counting) in recovery costs and lost revenues. Baltimore applied for federal disaster funds, and the city’s IT chief publicly apologized for doing a “poor job” of communicating in the wake of the attack. Mayor Young and IT experts say it will still be months before Baltimore’s systems are fully functional.
Baltimore’s ransomware disaster could have theoretically been minimized if the city had paid the hacker’s initial ransom demand of what was then about $76,000 in bitcoin, less than 1% of the ultimate cost of the attack. At least two other cities recently hit by ransomware made their own calculations and decided to do just that.
This article appeared in CSO Online. To read the rest of the article please visit here.