Dive Brief:
- During the U.S. Conference of Mayors' 87th Annual Meeting, more than 225 mayors agreed to a resolution to not pay a ransom in the event of a cyberattack.
- Paying a ransom "encourages continued attacks" on government entities and financially supports malicious actors, the mayors said. The group has a "vested interest in de-incentivizing" future attacks.
- There have been at least 170 cyberattacks on county, city or state government systems since 2013, and 22 happened in 2019, according to the mayors' resolution. High-profile attacks, like Baltimore's, have gained national attention.
Dive Insight:
Paying a ransom is always a gamble: There's no guarantee victims will have their records or full operations restored. There's also no promise the attackers didn't keep a digital copy.
Still, the decision to pay a ransom comes down to basic math. Attacked entities have to decide if the cost of recovery — factoring in the type of ransomware strain, how much disk space is available to run a backup, and time — is worth the price.
The mayors' consensus comes just weeks after two Florida cities paid their attackers' ransom demands. A third Florida city, Key Biscayne, was hit soon after, though the city has yet to reveal whether or not it will pay the ransom.
The Florida cities, Riviera Beach and Lake City, enlisted support from outside counsel to decide on the next plan of action. Both cities agreed to dish out the $600,000 and $462,000 in ransom, respectively.
Another city took the financial risk of refusing the ransom. In March 2018, Atlanta refused to pay a ransom equivalent to about $51,000. By June the city was requesting $9.5 million more for recovery costs. The attack stalled Atlanta's services, knocking more than one-third of its software applications either partially or fully offline.
If ethics and other risk factors are ignored, paying a ransom makes more sense economically. But the decision to pay a ransom is unique to the victim's circumstances. Hackers calculate ransoms to be low enough for their victims to pay, but high enough to make a profit.