Since 2013, ransomware attacks have hit at least 170 county, city, or state government systems and 22 of those attacks have occurred within the first half of 2019 alone. It is no secret that municipal entities are under attack and cybercriminals have no intentions of slowing down.
Recent attacks on 22 Texas government entities and the city governments of three Florida cities resulted in over a million US dollars’ worth of ransomware payments being made in bitcoin. It appears though that a group of Mayors have had enough of this.
At a recent meeting of the US Conference of Mayors a resolution was unanimously adopted not to pay any more ransom demands to threat actors following ransomware infections. The resolution says, “Paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit.”
The resolution continued, “The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm… NOW. THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stand united against paying ransoms in the event of an IT security breach.”
While this resolution has absolutely clear language regarding where these leaders stand on ransomware attacks, it is not legally binding. However, it can be used as an official position to justify administrative actions in the event of an attack for both federal authorities and taxpayers alike.
The U.S. Conference of Mayors includes over 1,400 mayors from across the country who represent cities with a population of over 30,000.
The resolution was introduced by City of Baltimore mayor, Bernard Young, who’s city was attacked by ransomware in May earlier of this year. Hacker’s originally asked for a $75,000 ransom, but they declined to pay it. However, the cost to restore and rebuild their IT systems and networks has already ballooned to over $18 million.
Why Cybercriminals Target Municipalities
One of the main reasons we have seen a rise in ransomware attacks against municipal institutions, stems from the fact that many cities have fallen behind in terms of cybersecurity.
Numerous governments are forced to pay hackers due to their neglect of properly protecting themselves. They don’t implement proper layered security (email, endpoint, and network), backup/continuity measures, and training. They instead rely solely on end-user training and purchase cyber-insurance policies to pay ransoms.
Both the FBI and cybersecurity experts usually advise against paying a ransom demands, unless there is no other way to recover the data. Many experts are begging all organizations to put effective backup and disaster recovery plans in place. While some may think that having those plans in place is a bit of a paranoid measure, it most certainly is not. IBM Security researchers found that there is an almost 30% likelihood organizations will experience a data security incident.
Will It Work?
The resolution’s stance is extremely firm, and it will remain to be seen if the approach is successful in deterring hackers. Many, including this writer, believe that it will not be successful in its mission. While paying the ransom is essentially “aiding the enemy”, the victims are essentially left footing the bill for an already decrepit system.
Cities who are impacted must rebuild their own networks. This is a step they would have to go through even if they paid out a cybercriminal’s ransom or not. This is how and why most ransomware incidents end up costing massive amounts.
Excellent recent examples of this situation are both the cities of Baltimore, Maryland and Atlanta, Georgia. They decided to not pay the hackers ransom which left the government and taxpayers footing the bill. The respective totals for recovery were over $18 million for Baltimore and over $12.5 million for Atlanta.
Unless cities begin putting these cybersecurity measures in place with urgency, we can expect these trends to continue their rise. With ransomware payments up 184% from Q1 of 2019 there appears to be no end in sight.
The post US Mayors Vow to No Longer Pay Ransoms to Hackers appeared first on VIPRE.