Last month, Atlanta’s city government was the victim of a ransomware attack that wound up costing it more than $2 million.
According to Engadget, while the ransom demand was about $51,000, the city spent a small fortune trying to correct the situation.
Firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services, while Edelman was paid $50,000 for crisis communication services.
That brings the grand total to approximately $2.7 million.
The ransomware caused Atlanta’s courthouse documents and services like payment processing to become inaccessible. Baltimore was also hacked, with criminals able to break into the city’s dispatch system that supports emergency calls. Baltimore CIO Frank Johnson called the hack a “limited breach.”
And last year, a virus shut down the entire network of a county in Ohio, including that of the local police force.
It’s unknown if the city paid or tried to pay the ransom, but the affected services are still not completely up and running. In addition, the attackers took down the communication portal that would have been used to pay the fee.
The FBI and other law enforcement agencies usually don’t recommend paying these types of ransoms since it might encourage attackers to keep committing these cybercrimes. However, not everyone agrees.
“Refusing to pay a ransom is unlikely to demotivate cybercriminals from conducting further attacks, as they will always find someone else to pay,” said Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge.
But another city’s chief information security officer said that there are other reasons not to pay up. “Unless paying the ransom provided details of how they were breached, what would it really get them?” he said. “Firstly, they don’t know if they would actually get the decrypt keys. Secondly, they don’t know if they would simply get hit again. And thirdly, it would only encourage more of the same kind of action.”
One thing everyone could agree on is that Atlanta should have done more to strengthen its cybersecurity systems before the attack.
“The real lesson,” said Kolochenko, “is that for probably 10 to 20 percent of the cost of the emergency support, they could have brought in the same people to help with the same issues prior to the incident.”