Ransomware operators have targeted more American intitutions than ever this year, including state and local government systems, school districts, healthcare facilities and other entities. And with the payouts circulated in the news, it’s hardly a surprise that their appetite keeps growing. While government officials scramble to strengthen their cybersecurity, taxpayers are angry.
A recent wave of ransomware attacks on state-owned infrastructures across the US has taxpayers up in arms over local officials’ handling of the situation. For example, two cities in the state of Florida – City of Riviera Beach and Lake City – paid a combined $1 million in June to ransomware operators to regain access to their municipal systems. And ransomware attacks across the nation are crippling medical offices and school systems just as the school year starts.
Nearly 80% of citizens across the US are increasingly worried about ransomware attacks on cities, according to a survey by Morning Consult on behalf of IBM. Taxpayers see ransomware as a threat to their personal data and their city’s data. Nearly 60% of those surveyed are against their local governments using tax dollars to pay ransom and would prefer their city face higher recovery costs rather than use tax dollars to pay the ransoms.
While the public’s stance is laudable, recovering from a ransomware incident can cost anywhere between $20,000 and $20 million. Atlanta paid $17 million and Baltimore spent $18 million to recover from a ransomware contagion after refusing to succumb to the attackers’ ransom demands. Considering that attackers typically demand around $400,000 for the decryption keys, it is perhaps no surprise that many local governments decide to pay.
According to the same study, just under half of respondents believe protecting cities from ransomware is the federal government’s job, above state and local decision makers. And 90% are in favor of increasing federal funding to improve cybersecurity in cities.
A recent study by The Harris Poll ended with similar findings: Americans won’t vote for candidates who approve ransomware payments. Asked to elaborate, 86% reasoned that, when organizations make ransomware payments, they encourage cyber criminals to strike again, a stance shared by cybersecurity experts.