Services in the U.S. cities of Baltimore and Maryland were paralysed earlier this year when a ransomware attack locked up computer networks and made it impossible for residents to make property transactions or pay their municipal bills.
Officials refused to meet hacker demands for a ransom of $76,000 to unlock the systems, but have been saddled with an estimated $18 million in costs of restoring and rebuilding the city’s computer networks.
The dilemma in such cases highlight tough choices faced by cities, hospitals and corporations hit by ransomware.
Two Florida cities reportedly paid a total of $1 million in ransom this year, after which a new attack by the same group hit the State court system in Georgia.
Globally, losses from ransomware rose by 60% last year to $8 billion, according to data compiled by the Internet Society’s Online Trust Alliance.
At least 170 county, city or State government systems have been hit since 2013, with 22 incidents this year, according to the U.S. Conference of Mayors, which adopted a resolution opposing ransomware payments.
“We’re seeing more attacks against cities because it’s clear cities are ill-prepared,” said Gregory Falco, a researcher at Stanford University. Ransomware has been a thorny cybersecurity issue for several years globally, marked by global ransomware attacks known as “WannaCry” and “NotPetya.”
Pay or resist?
While the FBI and others warn against paying ransoms, some analysts say there is no clear answer for victims when critical data is locked.
“You have to do what’s right for your organisation,” Mr. Falco said.
Josh Zelonis at Forrester Research offered a similar view, saying in a blog post that victims need to consider paying the ransom as a valid option, alongside other recovery efforts.
But Randy Marchany, chief information security officer for Virginia Tech University, said the best answer is to take a hardline “don’t pay” attitude.
Victims often fail to take preventive measures such as software updates and data backups that would limit the impact of ransomware.
Brett Callow of Emsisoft says coordinated efforts can help identify some malware and sometimes unlock data.
