Numerous big cities across the United States have fallen victim to ransomware attacks costing the municipalities tens of millions of dollars to recover. While some city administrators refrain from giving in to extortion demands, most end up paying in exchange for the decryption keys. Seeing how ransomware operators are showing no signs of stopping, city mayors have decided to stop giving in to extortion demands.
At the 87th annual meeting of the US Conference of Mayors this week, participating mayors from various big metropolises unanimously adopted a resolution not to pay any more ransom demands following a ransomware infection.
Acknowledging that targeted ransomware attacks on local US government entities are on the rise, with 22 such attacks occurring so far in 2019, US city mayors have had enough.
“Ransomware attacks can cost localities millions of dollars and lead to months of work to repair disrupted technology systems and files,” they said.
“Paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit,” the resolution adds. “The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm.”
The resolution is well founded. Even if IT administrators cave in to the attackers’ demands, with the decryption key in hand they still have their work cut out for them to recover the encrypted data. Just like businesses bleed revenue from disruption, city systems incur similar material and financial damage from a ransomware attack. Since ransom payments encourage future attacks, why not try and boycott the payment?
While the resolution is certainly a step in the right direction to thwart ransomware as a business, the rule of thumb should still apply: keep regular, offline backups of your important data, away from prying eyes.