Ransomware: Why one city chose to the pay the ransom after falling victim
A US city has explained why it gave into the demands of cyber criminals and paid a ransom demand of $45,000 following a ransomware attack.
Lafayette, Colorado fell victim to ransomware on July 27, which encrypted the city’s computer networks and caused disruptions to phone services, email and online-payment and reservation systems.
It’s thought that the ransomware – which hasn’t been identified – entered the city’s network via a phishing or brute force attack and wasn’t part of a targeted campaign, but rather one that just set out to exploit vulnerable systems.
SEE: Security Awareness and Training policy (TechRepublic Premium)
After examining the incident the city of Lafayette opted to pay the cyber criminals the ransom they demanded, perceiving it to be the quickest and most cost effective way to restore municipal services to residents, rather than attempting to restore services from scratch.
“I can tell you that using taxpayer funds to pay a ransom was definitely not the direction the city wanted to take. We attempted to pursue any possible avenue to avoid paying the ransom,” Lafayette Mayor Jamie Harkins said in a video statement.
“After a thorough examination of the situation and cost scenarios, and considering the potential for lengthy, inconvenient service outages for residents, we determined that obtaining the decryption tool far outweighed the cost and time to rebuild data and systems,” she explained.
As a result, the decision was taken to pay a ransom of $45,000 to cyber criminals to retrieve the ransomware decryption key and the city is restoring the encrypted data in an effort to return services to normal – although at the time of writing, many services still remain unavailable.
“Our city encountered something that unfortunately an increasing number of agencies are dealing with. We have struggled to manage the impacts but are now on a path forward due to quick response and the help of regional partners,” said Harkins.
In order to avoid falling victim to additional ransomware attacks in future, the city says it’s installing new backups, deploying additional cybersecurity across the network and will take regular vulnerability assessments to help prevent additional cyber threats.
Cities are a common victim of ransomware attacks because budget constraints often mean they don’t have the fully up-to-date cybersecurity protocols required to keep ransomware and other malware from entering the network.
And while the authorities warn that victims of ransomware attacks should never pay the ransom, many victims don’t feel as if they have any other choice – especially those like cities that need services up and running as soon as possible in order to meet the needs of citizens.
The city of Lafayette could be considered fortunate because the ransom demand was ‘only’ $45,000 – other cities across the US have paid hundreds of thousands of dollars to criminals in exchange for returning the network.
However, paying ransomware gangs isn’t a guarantee that the network will be restored because it isn’t unknown for them to take the money and run or to provide faulty decryption keys.
Cities and other organisations can go a long way to avoiding falling victim to ransomware attacks in the first place by following a handful of basic cybersecurity hygiene protocols.
Ensuring that security patches are applied as soon as possible helps prevents cyber attackers from using known vulnerabilities to gain a foothold inside the systems in the first place, while organisations should also apply multi-factor authentication across the network, because that can prevent hackers gaining control of accounts, systems and servers.