Earlier this year, the city of Atlanta was struck with a crippling SamSam ransomware attack. The city lost critical functions for weeks due to downtime, and permanently lost terabytes of historical data. The city opted not to pay the $50,000 bitcoin ransom to recover their data from the hackers. The rebuild is estimated to have cost Georgia taxpayers more than $17 million.
More recently, the Pennsylvania Senate Democratic Caucus sustained a ransomware attack in which the attacker demanded close to $30,000 to decrypt their data. Rather than pay, the organization opted to rebuild at a cost of more than $700,000, 23x the ransom amount.
While there is no guarantee that data will be recovered if ransomware is paid, industry surveys point to a recovery rate of 70 percent to 80 percent.
These cases present a different angle on the “never pay for ransomware” debate, as unlike a small commercial entity, municipal organizations are not at risk of bankruptcy or systemic failure as a result of the attack. A small business that must meet the demands of a supply chain can easily be dropped from that supply chain if its business gets bound up by a crippling ransomware attack. That is why 75 percent of small businesses that sustain a ransomware attack note that the downtime is potentially life-threatening. The government of the city of Atlanta was not going to disappear as a result of its attack—a luxury that only taxpayer-funded organizations can consider, as evidenced by its choice to pay 340 times the ransom amount to rebuild, rather than pay the ransom.
These situations are increasingly common and pose a challenging dilemma to the representatives making the decisions. On one hand, it is fundamentally not palatable to pay a hacker a ransom amount, and even more so if the organization is part of the state municipal government. On the other hand, spending 340x the ransom amount, of taxpayer money on the recovery effort is also a bit jarring. To put that in perspective per budget forecasts for 2018, the $17 million the city spent on recovering is equivalent to:
The total compensation received by every executive employee of the City of Atlanta.
The total amount contributed to the City of Atlanta’s Firefighters Pension fund.
The total operating budget of the City of Atlanta’s Finance Department.
If the city had put forth a ballot measure to vote on the course of action that should be taken, how would Atlanta’s constituents have voted, given the magnitude of the taxpayer cost? How will future constituents of other municipalities react when a similar story unfolds with their tax dollars on the line?
*** This is a Security Bloggers Network syndicated blog from Blog | Latest Ransomware News and Trends | Coveware authored by Bill Siegel. Read the original post at: https://www.coveware.com/blog/2018/10/5/ransomware-recovery-at-the-taxpayers-expense
The European Medicines Agency (EMA) says it was hacked by persons unknown.
Leading UK Credit Card Consumer Finance Company Uses Advanced Graph Analytics to Intercept Fraudulent Credit Card Applications, Boost Anti-Fraud Efforts…
Digital+ Partners Leads Continuation Funding Round in Growing Automated Threat Analysis & Detection Provider, Closing its Series B Round at…
For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and…
It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing…
1. Be a student of (information security, network security, cyber security). Always strive to know what the latest tactics, trends,…