If you haven’t been paying attention, cities are getting killed by ransomware. The number of cities that have fallen victim to ransomware just 2019 is too long to list. And once a city does get hit by ransomware, the question that always comes up is, should the city pay the ransom? It’s not an easy question to answer.
One the one hand, paying the ransom is no guarantee that the city will get their systems back. On the other hand, not paying the ransom leaves the city with the unknown financial burden of restoring their systems.
Some have chosen to pay the ransom. According to SC Magazine, “Lake City and Riviera Beach, Fla.; the Rockville Center, N.Y. School District; LaPorte County, Ind.; and Jackson County, Ga. all opted to pay.”
Some have chosen not to pay. “Baltimore and Atlanta chose not to pay their attackers, a decision that forced them to spend millions of dollars and rebuild over months.”
When it comes to the decision about what to do with ransomware, the country’s mayors have already decided. U.S. Mayors, at their yearly conference, adopted a resolution not to give in to ransomware demands. And now it seems the taxpayers in those cities have spoken also.
According to a survey, conducted by Morning Consult and sponsored by IBM Security, of 2,200 U.S. citizens, “Sixty percent of taxpayers said they are against giving in to the ransom demanded by malicious actors. The same number stated they would rather see their tax dollars go toward paying for a recovery effort – even if it is more expensive – than putting their hard-earned dollars into a criminal’s pocket.”
Some of the survey results were shocking. “While citizens are most likely to support payment of ransoms for services they see as critical, the services they do not consider critical are surprising. More than 30 percent of taxpayers surveyed wouldn’t support payment of any amount to assist 911 emergency services, police departments and school systems if they were targeted by a cyberattack.”
While the Mayors and taxpayers have let everyone know where they stand on the ransomware issue, the question that arises is, are they worried about the wrong thing? Rather than worrying about whether or not to pay the ransom, shouldn’t they be more concerned about following best security practices to make sure their city isn’t a victim of ransomware in the first place?
The answer is obviously yes. Best practices for avoiding ransomware include providing employee awareness training and deploying anti-phishing software like that from DuoCircle.
Anti-phishing software, with real-time link click protection, costs on the order of 30 cents per employee per month. For taxpayers who are obviously worried about their hard-earned tax dollars, that seems like a much easier decision than whether or not to pay a ransom.